GCash In-App OTP System Fully Rolled Out To Combat Phishing Scams and Fraud
GCash's new In-App OTP system delivers authentication requests directly through secure push notifications, helping protect users from phishing scams, SMS interception, and financial fraud.
- Stronger Protection: GCash replaces SMS-based OTPs with secure in-app authentication via push notifications.
- Faster Transactions: Users can verify transactions instantly without switching apps or manually entering codes.
- BSP-Compliant Upgrade: The transition supports the Bangko Sentral ng Pilipinas directive under AFASA to strengthen cybersecurity.
As digital scams continue to evolve across the Philippines, GCash is taking another major step to protect its users.
The country's leading finance super app and largest cashless ecosystem has announced the full rollout of its new In-App One-Time Passwords (OTPs) feature, replacing traditional SMS-based OTP authentication by June 22, 2026. The move forms part of GCash's broader effort to combat phishing attacks, account takeovers, and other forms of financial fraud that continue to target digital wallet users.
The security enhancement also aligns with the directive of the Bangko Sentral ng Pilipinas (BSP) under the Anti-Financial Account Scamming Act (AFASA), which calls for the gradual phaseout of SMS-based OTPs across financial institutions by June 2026.
A Safer Alternative To SMS OTPs
For many years, SMS OTPs have served as a standard layer of protection for online transactions. However, cybercriminals have increasingly found ways to exploit them through phishing scams, social engineering attacks, SIM swap fraud, and other forms of digital deception.
With the new system, OTPs are no longer sent via text message. Instead, users receive secure push notifications directly through the authenticated GCash app installed on their smartphones.
This approach significantly reduces the risk of OTP interception while ensuring that only the legitimate account holder can access and use the verification code.
By keeping the authentication process within the app itself, GCash removes one of the most commonly exploited attack surfaces used by scammers.
Faster And More Convenient Verification
Beyond improving security, the new authentication system also streamlines the user experience.
Instead of waiting for a text message to arrive, switching between apps, and manually entering a code, users can now approve transactions through a secure in-app notification. The process reduces friction and helps transactions proceed more quickly.
For everyday users who rely on GCash for bills payment, money transfers, online purchases, and merchant transactions, the upgrade promises both greater protection and added convenience.
How To Enable In-App OTPs
To ensure uninterrupted access to In-App OTPs, users must enable notifications for the GCash application on their devices.
For iPhone Users:
- Open Settings
- Tap Notifications
- Locate and select GCash
- Enable Allow Notifications
For Android Users:
- Open Settings
- Tap Notifications
- Open the App List
- Select GCash
- Enable Allow Notifications
Keeping notifications enabled ensures that OTP requests and security prompts are delivered instantly and securely whenever authentication is required.
Part Of GCash's Multi-Layer Security Strategy
According to GCash, the rollout of In-App OTPs forms part of its broader Multi-Factor Authentication (MFA) framework, an industry-standard security approach that requires multiple verification layers before granting access to sensitive account actions.
"Our upgrade to In-App OTPs is a strategic move to put an end to phishable SMS OTPs. We will shift users to instant, GCash app-verified authentication, to increase the security of their daily transactions," said Miguel Geronilla, Chief Information Security Officer of GCash.
The company noted that MFA significantly lowers the risk of account compromise even if a password or MPIN becomes exposed.
Building On Existing Security Features
The new authentication system complements several security measures already implemented across the GCash platform.
These include Know-Your-Customer (KYC) verification requirements and Facial Recognition verification through the platform's Double Safe security feature.
Rather than adding complexity to the user experience, GCash says In-App OTPs are designed to strengthen protection while maintaining a smooth and accessible customer journey.
As digital financial services continue to become part of everyday life for millions of Filipinos, security remains a critical priority. Through initiatives such as In-App OTPs, GCash aims to stay ahead of emerging threats while helping users transact with greater confidence and peace of mind.
For more information, visit www.gcash.com.


