ADVERTISEMENT
Manila Bulletin devider Technews devider GCash swiftly resolves unauthorized transaction issues

GCash swiftly resolves unauthorized transaction issues

Following unexpected deductions, GCash promptly restores affected users' funds, attributing the issue to system errors.

Published Nov 11, 2024 06:38 am

At A Glance

  • GCash issued refunds within 24 hours to users affected by unauthorized transactions. The unauthorized deductions were due to a system reconciliation error, not a security breach.<br><br>GCash clarified that users' funds are secure and addressed the issue promptly.<br><br>Some users experienced phishing scams, unrelated to the system error, emphasizing the need for vigilance.<br><br>GCash's response reinforces their commitment to user security, restoring confidence among its customers.

On Saturday, many GCash users reported unauthorized transactions in their accounts, causing widespread concern and frustration. These users saw unexpected deductions of ₱1,000 or ₱2,000, often in quick succession, from their GCash wallets. The funds appeared to have been transferred to phone numbers that users did not recognize, sparking fears of a security breach in GCash's systems.

Affected users took to social media to voice their complaints, share screenshots of the transactions, and tag GCash's customer support for assistance. Many expressed confusion and anxiety as the transfers occurred without notification or authorization, leaving their wallets unexpectedly depleted. The incident affected a broad base of customers, drawing attention to the scale of the problem.

Eight of my friends reached out to me, worried about their accounts. However, as we discussed the issue, it became clear that six had fallen victim to phishing attacks rather than an actual system hack on GCash's end. Each of these six had unwittingly provided sensitive information—such as account credentials or one-time passcodes (OTPs)—to fraudulent websites or individuals posing as GCash representatives. Two of them, however, did not click anything or link their accounts to gambling apps. I told them to report to GCash immediately.

After receiving reports from my friends, I shared a post on social media to address the growing concern. Here's what I wrote:

"Social media in the Philippines is buzzing with claims that GCash may have been hacked. After examining the available information shared by friends, it appears more likely that this is a phishing attack rather than a direct breach. However, I'm still awaiting further data, which could alter my opinion of the situation. Remember, if your OS is updated if you don't click links sent to you, and if you don't engage in online gambling (based on the information I received), you are safe."

This FB post aims to curb speculation and remind users to prioritize digital security basics. It highlights that staying vigilant—especially avoiding unverified links and ensuring system updates—can effectively protect users from such threats. With more data coming in, I wanted to emphasize caution over panic, helping users better understand that the situation might not be as dire as initially thought if they adhere to basic security practices.

In response, GCash issued a statement clarifying the situation. The company attributed the unauthorized deductions to errors in an ongoing system reconciliation process, not a security breach or hack. GCash reassured users that this incident was isolated to a small number of accounts and that all customer funds remained secure. The statement said, "GCash has identified and reached out to affected accounts. Wallet adjustments are ongoing." True enough, in less than 24 hours, missing funds were returned to the ewallet app of those affected. Two of my eight friends who contacted me got their money back.

Technical glitches happen from time to time, and what is important is that GCash accepts responsibility and works to return the affected ewallets. However, it is critical to note that not all unauthorized transactions are eligible for a refund. If GCash's investigation determines that you were a victim of phishing and the transaction is not part of a "system reconciliation," you will not receive a refund.

ADVERTISEMENT
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1561_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1562_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1563_widget.title }}

{{ item.title }}

{{ articles_filter_1564_widget.title }}

{{ item.title }}
.mb-article-details { position: relative; } .mb-article-details .article-body-preview, .mb-article-details .article-body-summary{ font-size: 17px; line-height: 30px; font-family: "Libre Caslon Text", serif; color: #000; } .mb-article-details .article-body-preview iframe , .mb-article-details .article-body-summary iframe{ width: 100%; margin: auto; } .read-more-background { background: linear-gradient(180deg, color(display-p3 1.000 1.000 1.000 / 0) 13.75%, color(display-p3 1.000 1.000 1.000 / 0.8) 30.79%, color(display-p3 1.000 1.000 1.000) 72.5%); position: absolute; height: 200px; width: 100%; bottom: 0; display: flex; justify-content: center; align-items: center; padding: 0; } .read-more-background a{ color: #000; } .read-more-btn { padding: 17px 45px; font-family: Inter; font-weight: 700; font-size: 18px; line-height: 16px; text-align: center; vertical-align: middle; border: 1px solid black; background-color: white; } .hidden { display: none; }
function initializeAllSwipers() { // Get all hidden inputs with cms_article_id document.querySelectorAll('[id^="cms_article_id_"]').forEach(function (input) { const cmsArticleId = input.value; const articleSelector = '#article-' + cmsArticleId + ' .body_images'; const swiperElement = document.querySelector(articleSelector); if (swiperElement && !swiperElement.classList.contains('swiper-initialized')) { new Swiper(articleSelector, { loop: true, pagination: false, navigation: { nextEl: '#article-' + cmsArticleId + ' .swiper-button-next', prevEl: '#article-' + cmsArticleId + ' .swiper-button-prev', }, }); } }); } setTimeout(initializeAllSwipers, 3000); const intersectionObserver = new IntersectionObserver( (entries) => { entries.forEach((entry) => { if (entry.isIntersecting) { const newUrl = entry.target.getAttribute("data-url"); if (newUrl) { history.pushState(null, null, newUrl); let article = entry.target; // Extract metadata const author = article.querySelector('.author-section').textContent.replace('By', '').trim(); const section = article.querySelector('.section-info ').textContent.replace(' ', ' '); const title = article.querySelector('.article-title h1').textContent; // Parse URL for Chartbeat path format const parsedUrl = new URL(newUrl, window.location.origin); const cleanUrl = parsedUrl.host + parsedUrl.pathname; // Update Chartbeat configuration if (typeof window._sf_async_config !== 'undefined') { window._sf_async_config.path = cleanUrl; window._sf_async_config.sections = section; window._sf_async_config.authors = author; } // Track virtual page view with Chartbeat if (typeof pSUPERFLY !== 'undefined' && typeof pSUPERFLY.virtualPage === 'function') { try { pSUPERFLY.virtualPage({ path: cleanUrl, title: title, sections: section, authors: author }); } catch (error) { console.error('ping error', error); } } // Optional: Update document title if (title && title !== document.title) { document.title = title; } } } }); }, { threshold: 0.1 } ); function showArticleBody(button) { const article = button.closest("article"); const summary = article.querySelector(".article-body-summary"); const body = article.querySelector(".article-body-preview"); const readMoreSection = article.querySelector(".read-more-background"); // Hide summary and read-more section summary.style.display = "none"; readMoreSection.style.display = "none"; // Show the full article body body.classList.remove("hidden"); } document.addEventListener("DOMContentLoaded", () => { let loadCount = 0; // Track how many times articles are loaded const offset = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]; // Offset values const currentUrl = window.location.pathname.substring(1); let isLoading = false; // Prevent multiple calls if (!currentUrl) { console.log("Current URL is invalid."); return; } const sentinel = document.getElementById("load-more-sentinel"); if (!sentinel) { console.log("Sentinel element not found."); return; } function isSentinelVisible() { const rect = sentinel.getBoundingClientRect(); return ( rect.top < window.innerHeight && rect.bottom >= 0 ); } function onScroll() { if (isLoading) return; if (isSentinelVisible()) { if (loadCount >= offset.length) { console.log("Maximum load attempts reached."); window.removeEventListener("scroll", onScroll); return; } isLoading = true; const currentOffset = offset[loadCount]; window.loadMoreItems().then(() => { let article = document.querySelector('#widget_1690 > div:nth-last-of-type(2) article'); intersectionObserver.observe(article) loadCount++; }).catch(error => { console.error("Error loading more items:", error); }).finally(() => { isLoading = false; }); } } window.addEventListener("scroll", onScroll); });
Join Our Newsletters

Sign up by email to receive news.

© 2025 Manila Bulletin The Nation's Leading Newspaper. All Rights Reserved.