GCash Fully Rolls Out In-App OTPs to Strengthen Protection Against Online Scams

What Readers Should Know
GCash is fully rolling out In-App OTPs by June 22, 2026, replacing SMS-based OTPs to better protect users from phishing scams and account fraud. The move aligns with BSP regulations and enhances security through app-based authentication.
- GCash will fully roll out In-App OTPs by June 22, 2026.
- The feature replaces traditional SMS-based OTP authentication.
- The move supports BSP directives under AFASA.
- In-App OTPs help reduce phishing and fraud risks.
- The system is part of GCash’s broader Multi-Factor Authentication strategy.
New security feature replaces SMS OTPs as part of efforts to combat phishing attacks and financial fraud.
GCash is taking another major step to strengthen digital security as it begins the full rollout of its GCash In-App OTP system, replacing traditional SMS-based one-time passwords by June 22, 2026.
The transition forms part of the company’s broader cybersecurity strategy and complies with directives from the Bangko Sentral ng Pilipinas (BSP) under the Anti-Financial Account Scamming Act (AFASA), which encourages financial institutions to phase out SMS-based authentication methods that are vulnerable to scams.
Under the new system, users will receive verification requests directly through secure push notifications within the GCash app. Instead of waiting for text messages or manually entering codes, users can authenticate transactions through a faster and more secure in-app process.
According to GCash Chief Information Security Officer Miguel Geronilla, the move is designed to eliminate the risks associated with SMS OTP interception and phishing attacks.
“Our upgrade to In-App OTPs is a strategic move to put an end to phishable SMS OTPs. We will shift users to instant, GCash app-verified authentication to increase the security of their daily transactions,” Geronilla said.
The GCash In-App OTP feature helps ensure that verification requests are delivered only to authenticated devices linked to the user’s account. This reduces exposure to fraudulent messages, spoofed OTP requests, and other tactics commonly used by cybercriminals.
The rollout also supports GCash’s broader Multi-Factor Authentication (MFA) framework, which includes existing security measures such as Know-Your-Customer (KYC) verification and Facial Recognition Verification through Double Safe.
Beyond enhanced protection, the new verification process is expected to improve user convenience by removing the need to switch between applications or manually input OTP codes.
As digital financial services continue to grow in the Philippines, security remains a critical priority. By introducing GCash In-App OTP, the company aims to provide stronger protection while maintaining a seamless experience for millions of users nationwide.
The takeaway: As cyber threats become more sophisticated, stronger authentication tools like In-App OTPs help protect users while making digital transactions safer and more convenient.