GCash has announced the rollout of its In-App One-Time Passwords, or OTPs, as part of a broader push to strengthen account security and reduce exposure to phishing scams and financial fraud. The feature will replace SMS-based authentication and is set to be fully rolled out by June 22, following the directive of the Bangko Sentral ng Pilipinas to phase out SMS-based OTPs by June 2026.
The update is part of the implementation of the Anti-Financial Account Scamming Act, or AFASA, which aims to reinforce cybersecurity safeguards for Filipino users. Instead of waiting for a text message, users will receive OTPs through secure push notifications inside the authenticated GCash app. This creates a safer and more seamless verification experience while keeping the process faster and more convenient.
The shift to In-App OTPs addresses long-standing weaknesses in SMS-based verification, which has been targeted by scammers seeking access to user accounts. By sending OTP requests directly within the app, the system is designed so only the intended user can receive and use the code. This removes the need to switch apps, enter text codes manually, or wait for messages to arrive.
The move is also part of its wider Multi-Factor Authentication strategy. MFA adds multiple layers of protection that can help reduce the risk of account takeovers even when passwords or MPINs are compromised. The new feature adds on existing safeguards such as Know-Your-Customer verification and Facial Recognition verification, also known as Double Safe.
GCash remains committed to improving platform security as digital scams continue to evolve, while keeping the experience simple for users. The new system is meant to strengthen daily transaction security without adding unnecessary friction.
For more information, click here.
Frequently Asked Questions (FAQ)
Q: What is GCash launching?
A: GCash is rolling out In-App OTPs that replace SMS-based authentication.
Q: When will the rollout be completed?
A: The feature is set to be fully rolled out by June 22.
Q: How will users receive OTPs?
A: OTPs will arrive through secure push notifications inside the GCash app.
Q: Why is GCash making this change?
A: The move is meant to reduce phishing risks, fraud exposure, and vulnerabilities tied to SMS-based OTPs.
Q: What security measures support the new system?
A: GCash said the feature is part of its Multi-Factor Authentication strategy and builds on KYC and Facial Recognition verification.
Emman has been writing technical and feature articles since 2010. Prior to this, he became one of the instructors at Asia Pacific College in 2008, and eventually landed a job as Business Analyst and Technical Writer at Integrated Open Source Solutions for almost 3 years.
