What It Means
- DITO Verified is the first commercially deployed silent network authentication product in the Philippines, using cryptographic SIM exchange to verify users without generating any transmittable code, closing the social engineering attack vector that SMS OTPs leave open.
- DITO Verified works only for DITO subscribers, who account for roughly 8 to 10 percent of the Philippine mobile market, which means any bank that adopts it as its primary authentication method still needs a separate compliant pathway for Globe and Smart users.
- The June 30 BSP OTP phaseout deadline under Circular 1213 and AFASA arrives this week; banks not already deep in integration talks with an authentication partner are not going live through any new product by that date.
- The real beneficiary of DITO Verified is DITO Business, which gains a B2B revenue line and a differentiation argument against Globe and Smart that its subscriber count cannot provide.
- Globe and Smart have their own GSMA Open Gateway-aligned authentication products; the SNA race is not exclusive to DITO, and the race itself does not resolve the carrier fragmentation problem Philippine banks face.
DITO Verified launched June 10 at Grand Hyatt Manila, twenty days before the BSP’s deadline to phase out SMS one-time passwords across the financial sector. The product is technically sound. The market position is smart. The compliance story it tells, though, has a structural hole in it that the press release does not mention.
The product works like this. When a user opens a banking app or e-wallet while connected to DITO mobile data, DITO Verified executes a cryptographic exchange between the mobile network and the SIM card. No code is generated. Nothing is transmitted. The bank receives a verified signal in one to four seconds. Because there is no code to steal, phishing and social engineering attacks have nothing to work with. The fraud vector that has driven most of the SMS OTP exploitation in the Philippines is structurally closed for anyone on this system.
That is the sound part.
The Subscriber Math the Press Release Skips
DITO Telecommunity has roughly 13 to 14 million subscribers. The Philippine mobile market has approximately 160 million active SIM connections. Smart, under PLDT, and Globe together hold the rest.
DITO Verified is carrier-dependent. The cryptographic exchange happens between the mobile network and the SIM. A Globe subscriber opening a bank app cannot be authenticated through DITO’s infrastructure. A Smart user cannot either. The SNA process requires the user to be on DITO’s network for it to work at all.
A bank that adopts DITO Verified as its authentication layer has solved the problem for roughly one in ten of its mobile-active customers. The other nine require a different system. That system also needs to be compliant under BSP Circular 1213, which means it cannot simply be the SMS OTP pathway that just got phased out.
So the bank now maintains two authentication architectures: DITO Verified for DITO subscribers, and something else for everyone else. Whatever “something else” is, it still needs to be built, integrated, tested, and approved. The compliance burden has not been reduced. It has been split.
What DITO Verified Is Actually Selling
Read the DITO Verified rollout as a B2B product story and it makes more sense than as a compliance solution story.
DITO Business, the enterprise arm, has a fundamental market problem. It cannot compete against Globe and Smart on network size. It cannot compete on subscriber volume. But enterprise B2B clients in fintech and banking buy on differentiation, not volume. If DITO can own the “most secure SIM” positioning in Philippine digital banking, it wins a sales conversation that has nothing to do with how many subscribers it has.
The partnership structure makes this explicit. Shush Inc.’s Sherlock platform is already deployed in more than forty countries. Twilio is NYSE-listed and brings enterprise distribution to the deal. For DITO, plugging into that stack is a way to offer a credible, globally proven product to Philippine financial institutions without having built the underlying authentication infrastructure itself. The product’s pedigree is real. The compliance framing is the stretch.
Atty. Adel Tamano’s stated goal, making DITO recognized as “the most secure SIM in the Philippines for mobile banking and digital services,” is a positioning objective. It is about what the brand means in the B2B sales cycle. That is a legitimate business goal. It is not the same as being the solution Philippine banks needed before June 30.
DITO Is Not the Only Telco Running This Play
The GSMA Open Gateway initiative has all three Philippine national operators moving in the same direction. PLDT Enterprise has SmartSafe SilentAccess, which also replaces SMS OTPs and supports BSP Circular 1213. Globe has earned GSMA certification for Number Verification and is rolling out API-based authentication to Philippine banks. Both products address the same fraud vector DITO Verified targets.
DITO’s “first” claim is specific: first to deploy a commercially named, unified carrier-native SNA product through the Shush Sherlock platform. That claim appears accurate. It is a narrower claim than the press coverage suggests.
The fragmentation problem remains regardless of which telco is first. Banks need authentication that works across all three carriers. Until Globe, Smart, and DITO operate a shared carrier authentication layer, or until BSP-supervised institutions connect to all three separately, the architecture stays fragmented. GSMA’s Open Gateway initiative is designed to address exactly this through standardized APIs, but commercial deployment across all three carriers at the level Philippine banks need for full OTP replacement is not complete.
Where the Deadline Exposure Actually Sits
Banks that were not already in active integration discussions with an authentication vendor before this month are not going live with any new system by June 30. Integration timelines for enterprise authentication in financial institutions run weeks to months depending on legacy system architecture, testing requirements, and internal IT capacity.
DITO Verified is a real product with sound technology and a credible compliance story for the slice of the market on its network. For rural banks, thrift institutions, and mid-tier digital lenders that needed a single-vendor path to BSP Circular 1213 compliance, it does not provide one. Those institutions carry the compliance exposure this week, and DITO Verified, with its June 10 commercial launch, does not change that.
The banks that needed a partner already have one. The banks that do not have one are not finding it in the DITO Verified press release.
Monitor the systems, tools, and digital infrastructure decisions redefining competitive advantage in the Tech section of Hemos PH.
