GCash will roll out its new in-app one-time password feature on June 22, 2026, replacing SMS-based authentication to better protect users from phishing and financial fraud. This change follows the Bangko Sentral ng Pilipinas’ order to phase out SMS OTPs by June 30, and aligns with the Anti-Financial Account Scamming Act to curb digital crime.
Instead of receiving codes via text, users will get unique OTPs through secure push notifications inside the GCash app. This method stops cybercriminals from intercepting messages, as codes are only accessible within the verified platform. It also makes transactions faster, letting users authenticate with one tap without switching apps or typing codes manually.
According to GCash chief information security officer Miguel Geronilla, the upgrade eliminates the risk of phishable SMS codes and shifts to app-verified protection for daily transactions. The feature is part of the platform’s multi-factor authentication framework, an industry standard that secures accounts even if passwords or MPINs are exposed.
This update builds on existing safety tools like KYC checks and facial recognition, adding stronger security without making the service harder to use. As digital scams grow more advanced, GCash says it will keep improving its systems to set higher safety standards for digital finance in the country.
