It is part of the strengthened cybersecurity measures against phishing scams and financial fraud.
In a recent press statement, keading fintech platform GCash announced that it is set to roll out its In-App One-Time Passwords (OTPs) feature on Monday, June 22.
This will replace SMS-based authentication, which is vulnerable to various fraudulent schemes and cybersecurity concerns.
“For years, SMS-based OTPs have been targeted by scammers as a means of accessing user accounts. The switch to In-App OTPs is an important step toward addressing these vulnerabilities,” noted the fintech giant.
“By sending OTP requests directly to the user’s authenticated GCash app, GCash ensures that only the intended users can receive and use the unique OTPs, protecting them from unauthorized access,” it added.
As part of this transition to In-App OTPs, users are also encouraged to ensure that push notifications are enabled to avoid any disruption on transactions and account activities.
Through the feature, users will receive their OTPs through secure push notifications directly within the app, which is then presented as a safer and more seamless verification experience.
It also noted that this move is in compliance with the directive of the Bangko Sentral ng Pilipinas to phase out SMS-based OTPs by June 30, 2026, which then aligns with the Anti-Financial Account Scamming Act (AFASA), which aims to strengthen cybersecurity safeguards and curb the growing incidence of digital fraud.
Furthermore, jnstant, one-tap authentication also removes the need to switch apps, type codes, or wait for text messages to arrive, resulting in faster transactions and removing exposure to SMS OTPs that scammers and fraudsters can exploit.
“Our upgrade to In-App OTPs is a strategic move to put an end to phishable SMS OTPs. We will shift users to instant, GCash app-verified authentication, to increase the security of their daily transactions,” said Miguel Geronilla, Chief Information Security Officer of GCash.
The introduction of In-App OTPs is also part of the broader strategy of GCash to enhance security through Multi-Factor Authentication (MFA), which is described as “a well-established industry standard that adds multiple layers of protection when accessing an account.”
The MFA greatly reduces the risk of account takeovers, even if passwords or MPINs are compromised.
Meanwhile, GCash also said that it has consistently invested in stronger protection systems, including Know-Your-Customer (KYC) verification and Facial Recognition verification (Double Safe).
“In-App OTPs build on these existing measures, enhancing security without adding unnecessary friction to the user experience,” it added.