GCash, the Philippines’ leading finance super app and largest cashless ecosystem, is set to roll out its In-App One-Time Passwords (OTPs) feature by June 22, replacing SMS-based authentication as part of its strengthened cybersecurity measures against phishing scams and financial fraud.
With this latest security enhancement, users will receive their OTPs through secure push notifications directly within the app, providing a safer and more seamless verification experience.
This move by the country’s leading finance super app complies with the directive of the Bangko Sentral ng Pilipinas to phase out SMS-based OTPs by June 2026. The measure aligns with the Anti-Financial Account Scamming Act (AFASA), which aims to strengthen cybersecurity safeguards and curb the growing incidence of digital fraud.
Why GCash Is Replacing SMS OTPs
For years, SMS-based OTPs have been targeted by scammers as a means of accessing user accounts. The switch to In-App OTPs is an important step toward addressing these vulnerabilities.
By sending OTP requests directly to the user’s authenticated GCash app, GCash ensures that only the intended users can receive and use the unique OTPs, helping protect accounts from unauthorized access.
The new authentication process also offers a more convenient experience for users. Instant, one-tap authentication removes the need to switch apps, manually enter verification codes, or wait for text messages to arrive. This results in faster transactions while reducing exposure to SMS OTPs that scammers and fraudsters can exploit.
“Our upgrade to In-App OTPs is a strategic move to put an end to phishable SMS OTPs. We will shift users to instant, GCash app-verified authentication, to increase the security of their daily transactions,” said Miguel Geronilla, Chief Information Security Officer of GCash.
In-App OTPs Support Multi-Factor Authentication
The introduction of In-App OTPs forms part of the broader strategy of GCash to enhance security through Multi-Factor Authentication (MFA), a well-established industry standard that adds multiple layers of protection when accessing an account.
According to GCash, MFA greatly reduces the risk of account takeovers, even if passwords or MPINs are compromised. By integrating In-App OTPs into its security framework, the platform strengthens account protection while maintaining a seamless user experience.
The rollout of In-App OTPs demonstrates GCash’s continued efforts to improve account security, strengthen user protection, and help reduce risks associated with phishing scams and financial fraud.
Building on Existing Security Measures
GCash has consistently invested in stronger protection systems, including Know-Your-Customer (KYC) verification and Facial Recognition verification (Double Safe). These measures provide additional safeguards designed to help secure user accounts and transactions.
The addition of In-App OTPs builds on these existing protections, enhancing security without adding unnecessary friction to the user experience. By delivering OTPs directly within the authenticated GCash app, the platform further strengthens its defenses against unauthorized access while keeping transactions fast and convenient.
As digital scams continue to evolve, GCash remains committed to proactively enhancing platform security and setting higher standards for safe and secure digital finance in the Philippines.
The upcoming rollout of In-App OTPs marks another step in the company’s ongoing efforts to strengthen cybersecurity safeguards, improve authentication processes, and provide users with a safer way to verify transactions within the GCash app.
For more information, visit www.gcash.com.
