We have received reports of fraudsters pretending to be BPI personnel
so they can obtain personal and account information from our customers.


Email and SMS Phishing

Most commonly used techniques wherein fraudsters send emails or text messages with links to websites that are designed to look legitimate. These malicious websites will request for personal and account information, such as:


  • Card details such as the card number, expiry date and its CVC or CVV number found at the back of the card
  • Online banking log-in credentials such as the user name and password


Voice Phishing

Fraudsters will make a phone call and ask their target for their personal information, and sometimes, they even ask for the One-Time Password (OTP) that is sent to the target’s mobile number.



Do not be tricked into giving your personal information to such requests.
Always remember that BPI will never ask its users for their personal and account information such as the ones mentioned above through emails, calls, or SMS*.



1. Keep in mind that BPI will never ask you to log-in through embedded links in emails and text messages. Do not click on such links or provide any information.
2. When accessing BPI Online, it is best that you directly type https://online.bpi.com.ph in your browser. Check the address bar and look for the “https” and the green padlock in the address bar.

3. The emails pertaining to your BPI Credit, Debit, and Prepaids feature an Email Security Zone found at the top portion of the email. Its purpose is to help you verify that the email was indeed sent by BPI. 

  • Credit Card: Last 3 digits of your Customer Number
    You should check if these digits match with the actual Customer Number found in your statement of account or BPI Online account.
  • Prepaid Card: Last 3 digits of your Card Number.
    You should check if these digits match with the actual Card Number on your Prepaid Card.

  • Debit Card: Last 3 digits of your Account Number.
    You should check if these digits match with the Account Number of your Debit Card.

4. If you unexpectedly receive a One-Time Password (OTP) even though you’re not currently doing any transaction, most likely, there is an ongoing unauthorized use of your card. Please report this to us by calling BPI Phonebanking at 89-100 immediately. Moreover, DO NOT GIVE YOUR OTP to anyone asking for it.

5. When connected to public Wi-Fi networks, don’t log in to your account or do online transactions. Such Wi-Fi networks can be created by fraudsters and they can redirect you to a fake website.

6. Ensure your contact details are always updated in our record so we can reach out to you for important updates and advisories about your account. Visit any BPI Branch or call BPI Phonebanking at 89-100.


If you receive a suspicious e-mail, SMS, or call, please immediately report it to us. Please send a copy of the e-mail or SMS you received to expressonline@bpi.com.ph or call BPI Phonebanking at 89-100 if you feel that your account has been compromised.


Account security is a shared responsibility between the client and the bank. Let us work together to ensure the security of your accounts.


*As indicated in our Internet Banking Service Agreement item 3.2:
“I agree to assume full responsibility for all transactions made in my accounts through the use of my User ID and Password. It is understood that the Password is known only to me and as such, any transaction effected using my Password shall be conclusively presumed to be done by me or authorized by me”





For any concerns, you may email us at expressonline@bpi.com.ph or reach us by calling our hotline numbers at:
Metro Manila: (02) 89-100
Domestic Toll-Free No: 1-800-188-89100 (available for PLDT)
Mobile phone and International Access: 63 + 2 + 891-0000

Bank of the Philippine Islands is supervised by Bangko Sentral ng Pilipinas with telephone number (632) 708-7087.

Privacy Policy