GCash, the Philippines' leading finance super app, has fully rolled out its new In-App One-Time Password (OTP) system, replacing traditional SMS-based OTPs to enhance security against phishing and fraud. The transition, reported by TechPinas, is set to be completed by June 22, 2026, as part of the company's broader effort to combat account takeovers and financial scams targeting digital wallet users.
The new system delivers authentication requests via secure push notifications directly within the GCash app, eliminating the need for users to receive codes through SMS. This approach reduces risks of SIM swap fraud, SMS interception, and phishing attacks, ensuring only the legitimate account holder can verify transactions. Users can authenticate instantly without switching apps or manually entering codes, streamlining the transaction process.
The upgrade aligns with the Bangko Sentral ng Pilipinas (BSP) directive under the Anti-Financial Account Scamming Act (AFASA), which mandates the gradual phaseout of SMS-based OTPs by June 2026. As digital scams evolve nationwide, GCash's in-app OTP system marks a significant step in strengthening cybersecurity for the country's cashless ecosystem.