GCash has officially rolled out its In-App One-Time Password (OTP) system today, June 22, 2026, replacing traditional SMS-based authentication for its users. The update is part of the finance super app’s efforts to strengthen account security while complying with the Bangko Sentral ng Pilipinas (BSP) directive to phase out SMS OTPs under the Anti-Financial Account Scamming Act (AFASA).
Why it Matters: SMS OTPs have long been one of the most common targets of phishing attacks and social engineering scams. By moving authentication inside the GCash app, users no longer have to rely on text messages that can be intercepted, redirected, or tricked out of them by fraudsters. The change also supports the BSP’s broader initiative to improve cybersecurity standards across the country’s digital financial services.
With In-App OTPs, users receive verification requests as secure push notifications directly within the authenticated GCash application. Instead of waiting for a text message and manually entering a code, users can approve transactions through a faster and more streamlined process.
According to GCash, this approach ensures that only the verified user with access to the registered device can receive and use the OTP. The company says the new system minimizes exposure to phishing attempts that exploit SMS-based verification.
” Our upgrade to In-App OTPs is a strategic move to put an end to phishable SMS OTPs. We will shift users to instant, GCash app-verified authentication, to increase the security of their daily transactions,” said Miguel Geronilla, Chief Information Security Officer of GCash.
The rollout is part of GCash’s wider Multi-Factor Authentication (MFA) strategy, which combines multiple security layers before granting access to an account or approving sensitive transactions. MFA has become a standard practice across digital financial platforms as it helps reduce the risk of unauthorized account access even if a password or MPIN is compromised.
GCash has also continued investing in additional security features over the past few years. These include Know-Your-Customer (KYC) verification and Double Safe facial recognition verification, both designed to confirm the identity of users before allowing access to financial services.
The new In-App OTP feature builds on these existing protections while aiming to make transactions more convenient. Since users no longer need to switch between messaging and banking apps or manually type verification codes, authentication becomes quicker while reducing opportunities for scammers to intercept or steal OTPs.
As digital payment adoption continues to grow in the Philippines, financial institutions and e-wallet providers are introducing stronger safeguards against increasingly sophisticated scams. The mandatory transition away from SMS OTPs represents one of the latest steps in strengthening consumer protection and improving trust in digital financial services.
For GCash users, today’s rollout means that future authentication requests will now appear directly within the app through push notifications, making secure verification the new standard for transactions on the platform.
What do you think about the shift from SMS OTPs to in-app verification? Let us know if you think this update makes digital payments safer and more convenient.
Discover more from WalasTech
Subscribe to get the latest posts sent to your email.
Get the latest from WALASTECH directly on your Google feed.
Add as a preferred source on Google