GCash, the Philippines’ leading finance super app and largest cashless ecosystem, is set to roll out its In-App One-Time Passwords (OTPs) feature by June 22, replacing SMS-based authentication as part of its strengthened cybersecurity measures against phishing scams and financial fraud.
With this latest security enhancement, users now receive their OTPs through secure push notifications directly within the app, providing a safer and more seamless verification experience.
This move by the country’s leading finance super app complies with the directive of the Bangko Sentral ng Pilipinas to phase out SMS-based OTPs by June 2026. The measure aligns with the Anti-Financial Account Scamming Act (AFASA), which aims to strengthen cybersecurity safeguards and curb the growing incidence of digital fraud.
For years, SMS-based OTPs have been targeted by scammers as a means of accessing user accounts. The switch to In-App OTPs is an important step toward addressing these vulnerabilities. By sending OTP requests directly to the user’s authenticated GCash app, GCash ensures that only the intended users can receive and use the unique OTPs, protecting them from unauthorized access.
Instant, one-tap authentication also removes the need to switch apps, type codes, or wait for text messages to arrive, resulting in faster transactions and removing exposure to SMS OTPs that scammers and fraudsters can exploit.
“Our upgrade to In-App OTPs is a strategic move to put an end to phishable SMS OTPs. We will shift users to instant, GCash app-verified authentication, to increase the security of their daily transactions,” said Miguel Geronilla, Chief Information Security Officer of GCash.
The introduction of In-App OTPs is part of the broader strategy of GCash to enhance security through Multi-Factor Authentication (MFA), a well-established industry standard that adds multiple layers of protection when accessing an account. MFA greatly reduces the risk of account takeovers, even if passwords or MPINs are compromised.
GCash has consistently invested in stronger protection systems, including Know-Your-Customer (KYC) verification and Facial Recognition verification (Double Safe). In-App OTPs build on these existing measures, enhancing security without adding unnecessary friction to the user experience.
As digital scams continue to evolve, GCash remains committed to proactively enhancing platform security and setting higher standards for safe and secure digital finance in the Philippines.
For more information, visit www.gcash.com.