The transition aligns with the Bangko Sentral ng Pilipinas (BSP) directive under the Anti-Financial Account Scamming Act (AFASA) to reinforce user security
GCash, the Philippines’ leading finance super app and largest cashless ecosystem, is taking another major step in strengthening digital security with the rollout of its new In-App One-Time Password (OTP) system beginning June 22.
The enhanced authentication feature replaces traditional SMS-based OTPs, providing users with a faster, more secure way to verify transactions while helping protect them from phishing attacks, financial scams, and unauthorized account access.
As part of the transition, GCash is encouraging all users to ensure that push notifications are enabled on their devices so they can continue receiving authentication prompts without interruption.
A Safer Way to Verify Transactions
Instead of receiving verification codes via text message, users will now receive OTP requests directly inside their authenticated GCash app through secure push notifications.
The upgrade not only streamlines the authentication process but also significantly reduces the risks associated with SMS-based verification, which has long been exploited by cybercriminals through phishing schemes, SIM-related attacks, and other forms of digital fraud.
With In-App OTPs, only the authenticated user can receive and approve the verification request, providing an added layer of protection against unauthorized access.
The new system also improves the user experience by eliminating the need to switch between apps, manually enter codes, or wait for SMS messages to arrive. Users can simply approve authentication requests with a single tap, making transactions both faster and more secure.
Supporting National Cybersecurity Efforts
The rollout aligns with the Bangko Sentral ng Pilipinas’ directive requiring financial institutions to phase out SMS-based OTPs by June 30, 2026, as part of broader efforts to strengthen digital banking security.
The initiative also supports the implementation of the Anti-Financial Account Scamming Act (AFASA), which aims to reduce financial fraud by encouraging stronger cybersecurity measures and more secure authentication technologies across the country’s financial sector.
Building on Multi-Layered Security
According to Miguel Geronilla, Chief Information Security Officer of GCash, the move represents a significant milestone in protecting users against increasingly sophisticated cyber threats.
“Our upgrade to In-App OTPs is a strategic move to put an end to phishable SMS OTPs. We will shift users to instant, GCash app-verified authentication to increase the security of their daily transactions.”
The In-App OTP rollout forms part of GCash’s broader Multi-Factor Authentication (MFA) strategy, a globally recognized security standard that requires multiple layers of verification before granting access to an account or approving transactions.
Even if a password or MPIN is compromised, MFA significantly reduces the likelihood of account takeovers by requiring additional authentication that only legitimate users can complete.
Continuing to Raise the Bar for Digital Safety
The new authentication system builds upon GCash’s existing security features, including Know-Your-Customer (KYC) verification and Double Safe Facial Recognition, both of which help safeguard user accounts while maintaining a seamless digital experience.
As online scams continue to evolve, GCash remains committed to investing in advanced security technologies that protect users and reinforce trust in digital financial services.
By replacing vulnerable SMS-based authentication with secure in-app verification, GCash is not only enhancing everyday convenience but also helping set a higher standard for safe, reliable, and fraud-resistant digital finance in the Philippines.
For more information, visit www.gcash.com.
