GCash, the Philippines’ leading finance superapp and largest cashless ecosystem, is rolling out its newest security feature, In-App OTPs (One-Time Passwords). By the first quarter of 2026, users will receive their OTPs directly via secure push notifications within the GCash app instead of SMS.

For years, SMS-based OTPs have been targeted by scammers as a means of accessing user accounts. The switch to In-App OTPs is an important step toward addressing these vulnerabilities. By sending OTP requests directly to the user’s authenticated GCash app, GCash ensures that only the intended users can receive and use the unique OTPs, protecting them from unauthorized access.

Instant, one-tap authentication also removes the need to switch apps, type codes, or wait for text messages to arrive, resulting in faster transactions and removing exposure to SMS OTPs that scammers and fraudsters can exploit.

“Our upgrade to In-App OTPs is a strategic move to put an end to phishable SMS OTPs. We will shift users to instant, GCash app-verified authentication, to increase the security of their daily transactions,” said Miguel Geronilla, Chief Information Security Officer of GCash.

The introduction of In-App OTPs is part of the broader strategy of GCash to enhance security through Multi-Factor Authentication (MFA), a well-established industry standard that adds multiple layers of protection when accessing an account. MFA greatly reduces the risk of account takeovers, even if passwords or MPINs are compromised.

GCash has consistently invested in stronger protection systems, including Know-Your-Customer (KYC) verification and Facial Recognition verification (Double Safe). In-App OTPs build on these existing measures, enhancing security without adding unnecessary friction to the user experience.

In-App OTPs reflect commitment of GCash to providing secure, seamless financial services for its millions of users and set a new benchmark for digital finance security in the Philippines.

For more information, visit www.gcash.com.