BDO Securities (formerly BDO Nomura) has sent out an urgent email alert to all customers that starting January 30, 2022, it will no longer allow the use of OTP Generator for Desktop and Mobile App. Instead, only the One-Time Password via SMS will be accepted when logging into the online accounts (BDO Securities account).
BDO is requesting customers to update their mobile phone numbers registered with the bank so the OTP will be properly sent during the login process. The OTP Generator in the app will still be there but BDO says to disregard it.
This recent move by BDO to disable the OTP Generator could be attributed to the recent hacking incident with BDO online customers.
Just last week, 5 suspects were arrested by the NBI regarding this incident. It is possible that the suspects identified the flaw in BDO’s security system and pointed to the OTP Generator as the weak point, prompting BDO to issue this statement.
otp by sms is totlally bullshit..did BDO think of their thousands of seafarer clients who works mostly at sea all the time? ppano makakareceive ng sms yung mga yun kong nasa laot at wlang signal. BDO should have the option to receive OTP via email kase sa mga barko ngayun ay may internet na so they can have access to emails and not sms in the middle of the sea.
Just last week I can receive the OTP for BDO Securities then suddenly I no longer receive it but the OTP for my BDO Saving Account still coming. I was able to speak with the Customer Service after numerous attempts of dialing their very poor HOTLINE. Of course it cost me several hundred Pesos for this phone calls. He explained that the telecom here in Kuwait is blocking the OTP for BDO Securities and they are working on it to solve the issue. Since I do day trading, their (BDO) failure could mean financial loss for me because I cannot access my account. I am using my account in FirsMetroSec to monitor the stock market. BDO seems don’t care if you loss your investment and they will not provide you details of what is going on or their action to solve the problem. What kind of investment firm is this if they don’t care about your investment and they will just leave you in the dark?
Please don’t use BDO Nomura, you’ll surely lose money specially if you are a day trader or has target price in mind. The super delayed OTP will cause you a huge headache and a pocket ache as well. Learned from experience.
BDO SUCKS
Says a lot about BDO’s competence in security.
SMS 2FA is inherently flawed and is more prone to attacks. Security experts have been advising against using SMS authentication for years and here we see one of the biggest bank in the country taking a step back in their security. You reason that your OTP generator is your weakest link but that’s because you retards decide to implement your own OTP rather than follow the industry standard.
You should fire the person who made this retarded decision.
So ridiculous. Right from the start of OTP, I had said to BDO, that if someone could hack into a person’s account, they will in no time learn to hack through a simple OTP. I remember the manager saying that that would be impossible. I told him nothing is impossible. He reiterated, that this was. So now a few years later, here we are with what problem? Oh, that’s right, someone figured out how to hack the OTP. Not only that. It had been well known, that this is the weakest link in the entire online banking access steps. Wow! Great job BDO.
Based on the email I received from BDO Securities, this will only be affecting those who use the services of BDO Securities
Wouldn’t this be less secure than authenticator app-based OTP? SMS messages can be intercepted in transit.
Paul you are so handsone ?…v
Yes, absolutely. This was the issue brought up from the start. SMS, and/or emails, are quite simple to intercept.
I got an email but from BDO SECURITIES only or the stock trading arm of BDO. This news only applies to BDO SEC. BDO Sec wont accept the generated OTP, only the SMS generated one.
Bdo is the point weak.