GCash has announced the full rollout of its In-App One-Time Password (OTP) feature, replacing traditional SMS-based OTP authentication by June 22, 2026, as reported by TechPinas. The move aims to strengthen user protection against phishing attacks, account takeovers, and financial fraud, while aligning with the Bangko Sentral ng Pilipinas (BSP) directive under the Anti-Financial Account Scamming Act (AFASA), which mandates the phaseout of SMS-based OTPs across financial institutions.
SMS OTPs have long been exploited by cybercriminals through phishing, social engineering, SIM swap fraud, and other tactics. The new system delivers OTPs via secure push notifications directly within the authenticated GCash app, significantly reducing the risk of interception and ensuring that only the legitimate account holder can access the verification code.
With this upgrade, users can verify transactions instantly without switching apps or manually entering codes. The transition supports BSP’s cybersecurity push under AFASA and reinforces GCash’s position as a secure digital finance platform.