GCash is rolling out a new security feature that replaces SMS-based one-time passwords (OTPs) with In-App OTPs starting June 22, 2026. The move aims to improve security and protect users from scams and fraud.
The change comes in line with the Bangko Sentral ng Pilipinas (BSP) directive under the Anti-Financial Account Scamming Act (AFASA), which requires financial platforms to phase out SMS OTPs by June 2026.
SMS OTPs have long been vulnerable to phishing and SIM-swap attacks, making them a weak link in digital security.
With In-App OTPs, users will now receive secure push notifications directly inside the GCash app. This means no more waiting for text messages or switching between apps. Authentication becomes instant, with one-tap approval for transactions.
GCash says the upgrade is part of its broader multi-factor authentication (MFA) framework, which already includes Know Your Customer (KYC) verification and facial recognition (DoubleSafe).
Also Read: What to do if you sent GCash or Maya to the wrong person
GCash remains the country’s leading finance super app, offering payments, transfers, savings, credit, insurance, and investments.
How to activate In-App OTPs
Turn on push notifications for GCash to receive OTPs.
Enable Notifications on iOS
- Go to Settings → Notifications → GCash
- Tap Allow Notifications
- Enable Banners, Sounds, and Badges
Enable Notifications on Android
- Go to Settings → App List → GCash → Notifications
- Tap Allow Notifications
- Ensure alerts are enabled for all transaction types
