GCash, the Philippines' leading finance super app, has announced the full rollout of its In-App One-Time Passwords (OTPs) system, replacing traditional SMS-based authentication by June 22, 2026, according to TechPinas. The move aims to combat phishing, account takeovers, and other financial fraud targeting digital wallet users.
SMS OTPs have long been exploited by cybercriminals through phishing, SIM swap scams, and social engineering. The new system delivers OTPs via secure push notifications directly through the GCash app, reducing the risk of interception and ensuring only legitimate account holders can access verification codes.
The upgrade aligns with the Bangko Sentral ng Pilipinas directive under the Anti-Financial Account Scamming Act, requiring financial institutions to phase out SMS-based OTPs by June 2026. By keeping authentication within the app, GCash enhances security and streamlines transaction verification for users.