GCash, the leading finance super app in the Philippines, has announced the full rollout of its In-App One-Time Passwords (OTPs) system, replacing traditional SMS-based OTP authentication by June 22, 2026. According to TechPinas, the new feature delivers authentication requests directly through secure push notifications within the GCash app, aiming to protect users from phishing scams, SMS interception, and financial fraud.
The transition addresses increasing exploitation of SMS OTPs by cybercriminals through phishing, social engineering, and SIM swap attacks. By keeping OTPs within the authenticated app, the risk of interception is significantly reduced, ensuring only legitimate account holders can access verification codes. The upgrade also supports the Bangko Sentral ng Pilipinas (BSP) directive under the Anti-Financial Account Scamming Act (AFASA), which mandates the gradual phaseout of SMS-based OTPs across financial institutions by June 2026.
GCash emphasized that the in-app OTP system strengthens security without compromising user convenience, as transactions can be verified instantly without switching apps or manually entering codes. The move is part of a broader effort to combat evolving digital scams and protect the growing number of GCash users across the country, reinforcing the company's commitment to secure cashless transactions.