How tokenizing cards is changing payments and fighting fraud in PH

Philippine banks are working to tokenize their cards to integrate with Apple Pay and Google Pay for contactless payment and card detail protection. 

The surge in digital payments has also widened the attack surface for fraudsters, pushing banks and payment providers to invest in technologies that reduce the value of stolen card data. The latest move is tokenization, which Philippine banks are now adopting to secure transactions and prepare their systems for Apple Pay and Google Pay integration.

Despite regular advisories from banks and e-wallet firms, the volume of new scam tactics highlights the need for stronger, system-level protections.

Tokenization has emerged as a key tool developed by the cybersecurity and payments industry to reduce the usefulness of stolen card data. Experts say tokenization protects credit and debit cards by replacing the actual card number with a separate code.

This replacement code—a long, randomly generated sequence—is stored on a user’s device through systems like Apple Pay and Google Pay. Similar to how casino chips don’t have any value but can be exchanged in a cashier for actual money, the code acts as “tokens” that represent a person’s card during transactions. 

The hash code itself cannot be seen, even by the user, and can only be linked from the bank to the contactless payment systems upon registration.  

An added layer of protection

Traditionally, when customers make in-person purchases using their physical card, the card number and all other sensitive details can easily be seen and acquired. Banks say this exposure point, where card numbers are displayed or stored, remains one of the easiest targets for fraud.

There have also been many reports when merchants, who store card information for recurring payments, had their customer database hacked and the card information stolen. 

Through tokenization, a layer of protection is added by removing the need to use the physical card or any of its details in digital or in-store transactions. This means that the card detail is never exposed during the payment process which protects them from being seen by any unwanted and/or malicious parties. 

For merchants, it reduces the security burden and lowers compliance costs since they no longer have to store actual card numbers.

Bearing the brunt of rising scams

Users and businesses continue to bear the brunt of rising scams. In 2024, an estimated P460 billion was lost to different scam strategies, according to the Global Anti-Scam Alliance. In the third quarter of 2025, vishing attacks increased by 78 percent or 62,390 cases, compared to the 34,964 incidents reported in the second quarter, according to anti-scam application Whoscall. 

To curb losses, several Philippine banks have begun tokenization efforts. The Bank of the Philippine Islands (BPI) aims to fully tokenize its cards by 2026, a move industry analysts say will also prepare the bank for deeper integration with global digital wallets.

Once implemented, customers can register with their banks to generate a token and link it to Apple Pay, Google Pay, or similar services. They can then use their smartphones or smartwatches to make tap‑and‑go payments, reducing the exposure of sensitive financial information and speeding up transactions.

Industry watchers say wider tokenization could also accelerate contactless adoption in the Philippines, which remains lower than in other Southeast Asian markets due to legacy payment terminals.