GCash has announced the full rollout of its new In-App One-Time Passwords (OTPs) feature, replacing traditional SMS-based OTP authentication by June 22, 2026, as part of efforts to combat phishing attacks, account takeovers, and other financial fraud. The move aligns with the directive of the Bangko Sentral ng Pilipinas (BSP) under the Anti-Financial Account Scamming Act (AFASA), which mandates the gradual phaseout of SMS-based OTPs across financial institutions. According to TechPinas , the new system delivers authentication requests directly through secure push notifications within the GCash app.
SMS-based OTPs have long been a standard security layer for online transactions, but cybercriminals have increasingly exploited them through phishing, social engineering, SIM swap fraud, and other digital deception tactics. By moving authentication in-app, GCash significantly reduces the risk of OTP interception, ensuring that only the legitimate account holder can access and use the verification code. Users no longer need to switch apps or manually enter codes, streamlining the transaction process.
As digital scams continue to evolve across the Philippines, the enhancement strengthens GCash’s position as the country’s leading finance super app and largest cashless ecosystem. The transition supports the BSP’s cybersecurity push under AFASA, with a June 2026 deadline for financial institutions to phase out SMS OTPs. GCash’s in-app OTP system is now fully available to users, providing faster and more secure transactions.