GCash, the Philippines' leading finance super app, has announced the full rollout of its In-App One-Time Passwords (OTPs) feature, replacing traditional SMS-based OTP authentication by June 22, 2026. TechPinas reports that the move is part of a broader effort to combat phishing, account takeovers, and other financial fraud targeting digital wallet users.
Unlike SMS-based OTPs, which are vulnerable to phishing scams, SIM swap fraud, and social engineering attacks, the new system delivers secure push notifications directly through the authenticated GCash app. This eliminates the risk of interception and ensures that only the legitimate account holder can access verification codes, significantly strengthening transaction security.
The upgrade aligns with the Bangko Sentral ng Pilipinas directive under the Anti-Financial Account Scamming Act, which calls for the gradual phaseout of SMS-based OTPs across financial institutions by June 2026. GCash users can verify transactions instantly without switching apps or manually entering codes, enhancing both security and convenience.