GCash to launch in-app OTPs starting June 22 to combat scams
GCash will begin rolling out in-app one-time passwords (OTPs) on June 22, replacing SMS-based verification codes for eligible users as part of a broader effort to strengthen account security.
Under the new system, authentication requests will be generated and delivered directly within the GCash app instead of through text messages. Users will no longer need to wait for an SMS OTP when confirming certain transactions or account activities.
The company said the change is designed to address scams that rely on obtaining OTPs from users. In recent years, fraudsters have used phishing websites, fake customer support accounts, spoofed text messages, and social engineering tactics to convince victims to reveal verification codes. Once an OTP is shared, scammers can use it to gain access to accounts or authorize unauthorized transactions.
GCash noted that SMS-based authentication remains vulnerable because verification codes travel through mobile networks and depend on a user’s phone number. Criminals have increasingly targeted phone numbers through SIM-related attacks and impersonation schemes, making SMS OTPs a frequent target in financial fraud cases.
By moving verification directly into the app, GCash aims to keep authentication within a more controlled environment. The company said in-app OTPs are harder for scammers to intercept and remove the need for users to manually copy and enter codes received through text messages.
The rollout will happen gradually beginning June 22, with the feature becoming available to users in phases. GCash advised customers to keep their apps updated to ensure access to the new security feature once it reaches their accounts.
The move adds another layer to the platform’s existing security measures as digital scams continue to evolve. Rather than relying on text messages for authentication, GCash is shifting a key part of the verification process into the app itself, where it has greater control over how security requests are delivered and confirmed.
