GCash has announced the full rollout of its In-App One-Time Password (OTP) system, replacing traditional SMS-based authentication through secure push notifications. According to TechPinas, the feature is now live for all users and will completely phase out SMS OTPs by June 22, 2026. The upgrade is designed to protect users from phishing scams, SIM swap fraud, and other forms of digital deception that have increasingly targeted SMS-based verification.
The new system delivers authentication requests directly through the GCash app, eliminating the need to switch applications or manually enter codes. This ensures that only the legitimate account holder can access the verification code, reducing the risk of interception by cybercriminals. The transition aligns with the Bangko Sentral ng Pilipinas (BSP) directive under the Anti-Financial Account Scamming Act (AFASA), which mandates the phaseout of SMS OTPs across financial institutions by June 2026.
GCash, the country's leading finance super app and largest cashless ecosystem, said the move forms part of broader efforts to combat account takeovers and financial fraud. By keeping the authentication process within the authenticated app, GCash aims to offer stronger protection as digital scams continue to evolve across the Philippines.