GCash, the Philippines' leading finance super app, has fully rolled out its In-App One-Time Password (OTP) system, replacing traditional SMS-based OTPs with secure push notifications delivered directly through the authenticated app, as reported by TechPinas. The transition, set to be completed by June 22, 2026, aims to combat phishing scams, SIM swap fraud, and other forms of digital deception that have increasingly targeted SMS-based authentication.
SMS OTPs have long been a standard security layer, but cybercriminals have exploited them through phishing, social engineering, and SIM swaps. The new in-app method significantly reduces interception risks by keeping the authentication process within the GCash ecosystem. Users no longer need to switch apps or manually enter codes, making transactions faster and more secure.
The upgrade aligns with the Bangko Sentral ng Pilipinas directive under the Anti-Financial Account Scamming Act (AFASA), which mandates the phaseout of SMS OTPs by June 2026. GCash's move strengthens cybersecurity for its millions of users and sets a precedent for other financial institutions in the country.