GCash has completed the full rollout of its In-App One-Time Passwords (OTPs) system, replacing SMS-based authentication to protect users from phishing scams and financial fraud, according to TechPinas. The shift, which must be completed by June 22, 2026, moves OTP delivery from text messages to secure push notifications sent directly through the authenticated GCash app on users’ smartphones.
The new system addresses vulnerabilities in SMS OTPs, such as interception via SIM swap scams and phishing attacks. By keeping authentication within the app, GCash reduces the risk of account takeovers and ensures only the legitimate account holder can access verification codes. The upgrade also streamlines transactions, allowing users to verify instantly without switching apps or manually entering codes.
GCash’s move aligns with the Bangko Sentral ng Pilipinas directive under the Anti-Financial Account Scamming Act (AFASA), which mandates the gradual phaseout of SMS OTPs across financial institutions by June 2026. As the country’s leading finance super app, GCash aims to strengthen cybersecurity for its millions of users amid rising digital fraud.