
Simple steps for Android and iPhone users to activate GCash’s safer and more secure In-App OTP authentication.
GCash is rolling out In-App One-Time Passwords (OTPs) beginning June 22, replacing SMS-based authentication in a move aimed at enhancing cybersecurity and protecting users from phishing scams and financial fraud.
The new authentication system delivers OTPs through secure push notifications directly within the GCash app, allowing users to verify transactions without relying on text messages. The change is expected to provide stronger protection against fraud while improving the overall user experience through faster, one-tap verification.
The transition aligns with the Bangko Sentral ng Pilipinas’ directive to phase out SMS OTPs by June 2026 and supports the implementation of the Anti-Financial Account Scamming Act (AFASA), which seeks to strengthen safeguards against digital financial crimes.
According to GCash Chief Information Security Officer Miguel Geronilla, the upgrade eliminates vulnerabilities associated with SMS-based authentication, a common target of phishing and account takeover schemes. By delivering OTPs directly to authenticated devices, the company adds another layer of protection to users’ accounts and transactions.
The In-App OTP system is part of GCash’s broader Multi-Factor Authentication (MFA) strategy, complementing existing security measures such as Know-Your-Customer (KYC) verification and facial recognition verification through its Double Safe feature.
As digital payment adoption continues to grow across the Philippines, the move underscores the increasing focus of financial technology providers on balancing convenience with stronger cybersecurity protections for consumers.


