GCash ramps up user data protection


GCash underscores its strong commitment to protect the accounts and personal information of its customers as it places utmost priority in helping address scam text messages that bear full names of mobile phone users.

The fintech firm also asserts the integrity of the data of its over 66 million users, saying there has been no data breach or leak in its systems. 

"We have been working closely with the National Privacy Commission on the issue of text scams with names.  We wish to assure our customers that our systems and infrastructure remain secure and there is no incidence of any data leak or breach,” shared Mark Frogoso, Chief Information Security Officer of GCash. “Protecting the personal information of our customers remains a top priority which we believe is integral to our vision of achieving Finance for All.

As an added layer of customer protection, GCash swiftly rolled out a feature update that anonymizes the names of users in the send money service. In the past, the name of the person is seen as an added measure of convenience and helps verify that the recipient is correct. 

“We need to strike a balance between customer experience and strengthening measures to keep user information safe from unscrupulous individuals. The feature that shows the full names of recipients was intended to help users verify if they are sending to the right person and avoid being scammed,” Frogoso said. 

Likewise, the e-wallet has started to migrate transaction confirmations from text messages to the app inbox in a bid to improve security and provide customers with easier access to their transaction history.

GCash has been getting strong support from its parent company, Globe Telecom, which has spent $20 million or about P1.1 billion to boost its capabilities in detecting and blocking scam and spam messages.

Through vigorous 24/7 efforts, Globe blocked 784 million scam and spam messages from January to July this year, deactivated 14,058 scam-linked SIMs and blacklisted 8,973 others. Globe also blocked 610 domains or uniform resource locators (URL).

GCash ensures the protection of personal data and accounts of its customers by employing various security measures including cyber threat detection and analytics, vulnerability scanning, as well as incident response and forensics.

Thanks to these world-class tools, the company has been able to detect and take down phishing sites and malicious social media sites that impersonate GCash, with 900 phishing sites and 400,000 social media accounts already taken down.

The leading e-wallet is also in close cooperation and collaboration with concerned government agencies to provide any information they need to prevent the further proliferation of these spam messages. 

GCash has been relentless in working with authorities as it was able to block 1.37 Million fraudulent accounts from January 2021 to July 2022, on top of those blocked by its security systems. Further, GCash has helped arrest fraudsters that have been targeting the hard-earned money of its users.

“As a result of being the most used e-wallet with the largest user base in the Philippines, it is imperative for us to be ahead of the curve when it comes to protecting the personal information and funds that our customers have entrusted to us,” Frogoso said.

GCash has been ramping up efforts against fraudsters and scammers through its #SafeWithGCash campaign, as it urges its users to be extra vigilant when making transactions.

To report scams and fraudulent activities, visit the official GCash Help Center at https://help.gcash.com/hc/en-us or message Gigi on the website and type, “I want to report a scam.” GCash will NEVER send users personal messages to address concerns or get personal information, especially the MPIN and One-time Pin (OTP). Customers can also reach out to the official GCash hotline 2882 for queries and other concerns.