Mobile wallet giant GCash announced on Monday that it will phase out text-message authentication codes in favor of a more secure, in-app verification system to better protect users from online fraud and scams.
The full rollout of the new “In-App One-Time Passwords (OTPs)” feature is scheduled for completion by June 22. This shift aligns with a mandate from the Bangko Sentral ng Pilipinas (BSP), which requires financial institutions to eliminate SMS-based OTPs by June 30, 2026, in compliance with the Anti-Financial Account Scamming Act (AFASA).
According to GCash, cybercriminals routinely exploit traditional SMS networks through phishing, spoofing, and other interception tactics to hijack user accounts. Moving the authentication process entirely inside the application is expected to significantly reduce these security risks.
GCash Chief Information Security Officer Miguel Geronilla emphasized that the upgrade aims to remove the vulnerabilities inherent in text-based verification.
”Our upgrade to In-App OTPs is a strategic move to put an end to phishable SMS OTPs. We will shift users to instant, GCash app-verified authentication, to increase the security of their daily transactions.”
Beyond safety, the digital wallet provider noted that the change will streamline user experience by eliminating the delays often associated with waiting for network texts.
”Instant, one-tap authentication also removes the need to switch apps, type codes, or wait for text messages to arrive, resulting in faster transactions and removing exposure to SMS OTPs that scammers and fraudsters can exploit.”
The transition reflects a broader push within the local financial sector to elevate Multi-Factor Authentication (MFA) standards as digital payments rise alongside sophisticated cyber threats.
GCash advised its users to enable device notifications for the app to ensure uninterrupted transactions once the system becomes fully operational later this month.