Just in! GCash ditches SMS codes—In‑App OTPs start rolling out today

GCash announced that the company is rolling out in‑app One‑Time Passwords (OTPs) via push notifications starting June 22, 2026, to replace SMS‑based codes.

GCash's in‑app OTPs start rolling out today

GCash complies with the Bangko Sentral ng Pilipinas (BSP) directive

Why? The move aims to strengthen protection against phishing scams and financial fraud, ensuring safer transactions for millions of users.

The transition complies with the Bangko Sentral ng Pilipinas (BSP) directive under the Anti‑Financial Account Scamming Act (AFASA).

BSP requires all financial institutions to phase out SMS OTPs by June 30, 2026. This is a part of its broader efforts to curb digital fraud and reinforce cybersecurity safeguards.

Unlike SMS OTPs, which have long been exploited by scammers, in‑app OTPs are delivered securely within the GCash app. This ensures that only authenticated users can access the codes, reducing the risk of unauthorized account takeovers and eliminating exposure to phishing attempts.

Faster and more seamless transactions

The upgrade also improves user experience by enabling instant, one‑tap authentication. Users no longer need to switch apps, wait for text messages, or manually enter codes.

GCash encourages users to enable push notifications to avoid disruptions.

This rollout is part of GCash’s broader multi‑factor authentication strategy. Building on existing safeguards like KYC and facial recognition (Double Safe), In‑App OTPs add another layer of protection while maintaining convenience. 

How to turn on GCash In‑App OTP notifications?

• Update your GCash app to the latest version
• Open Settings on your phone, then go to Notifications.
• Find GCash under Notifications, then enable Banners, Sounds, and Badges.
• Tap GCash, then switch Allow Notifications to ON.

This ensures you'll receive secure In‑App OTPs directly within GCash.

Our upgrade to In-App OTPs is a strategic move to put an end to phishable SMS OTPs. We will shift users to instant, GCash app-verified authentication, to increase the security of their daily transactions, said Miguel Geronilla, Chief Information Security Officer of GCash. 

What do you guys think?