The financial platform GCash will fully roll out its new in-app One-Time Password (OTP) feature by June 22, 2026. This security update replaces traditional text message verification codes with secure push notifications sent directly inside the mobile application. The change aims to protect millions of users across the Philippines from phishing scams and digital financial fraud.
For years, cybercriminals have targeted SMS text messages through phishing websites, text spoofing, and social engineering to hijack mobile wallet accounts. By moving the verification process entirely within the platform, GCash aims to eliminate these external vulnerabilities. The updated system allows for a faster, one-tap authentication process, which means users will no longer need to switch between applications or manually type in text codes to approve their daily transactions.
This major security transition complies with an official directive from the Bangko Sentral ng Pilipinas (BSP) to phase out SMS-based OTPs by June 2026. The policy aligns with the country’s Anti-Financial Account Scamming Act (AFASA), a legislative measure created to strengthen national cybersecurity safeguards and curb the rising incidence of digital crime. Financial institutions across the country are moving toward these updated security frameworks to protect consumers in an expanding cashless ecosystem.
The introduction of in-app verification is part of a broader, multi-factor authentication strategy managed by GCash. This industry-standard protocol adds multiple independent layers of defense to user accounts, significantly reducing the risk of unauthorized account takeovers even if a user’s password or MPIN is accidentally exposed. To avoid any disruptions during transactions, GCash advises its customers to keep their mobile apps updated to the latest version and ensure that device push notifications are fully enabled.
