GCash, the leading finance super app in the Philippines, has announced the full rollout of its new In-App One-Time Passwords (OTPs) feature, which will replace traditional SMS-based OTP authentication by June 22, 2026, according to TechPinas. The security upgrade delivers authentication requests directly through secure push notifications within the GCash app, helping protect users from phishing scams, SMS interception, and financial fraud.

The move aligns with the directive of the Bangko Sentral ng Pilipinas (BSP) under the Anti-Financial Account Scamming Act (AFASA), which calls for the gradual phaseout of SMS-based OTPs across financial institutions by June 2026. Cybercriminals have increasingly exploited SMS OTPs through phishing, social engineering, and SIM swap fraud, making the transition critical for user security.

With the new system, OTPs are no longer sent via text message. Instead, they arrive as secure push notifications directly through the authenticated GCash app. This approach significantly reduces the risk of OTP interception, ensuring that only the legitimate account holder can access and use the verification code, thereby strengthening the overall security of digital transactions.