GCash to End SMS OTPs; Shift to In-App Authentication June 22

GCash to Kill SMS OTPs: Mandatory Shift to In-App Authentication Starts June 22

GCash is officially phasing out traditional SMS-based One-Time Passwords (OTPs). Starting June 22, 2026, the country's leading e-wallet will fully transition to In-App OTPs, delivering verification codes via secure, instant push notifications directly inside the application.

GCash to End SMS OTPs: Shift to In-App Authentication June 22

This mandatory upgrade is a direct compliance measure with the Bangko Sentral ng Pilipinas (BSP) directive under the Anti-Financial Account Scamming Act (AFASA), which orders all financial institutions to eliminate highly vulnerable text-based OTPs by June 30, 2026.

If you are one of the 94 million registered GCash users in the Philippines, here is everything you need to know about this major security transition.

Why GCash is Dropping SMS OTPs

For years, cybercriminals have targeted mobile networks to intercept text messages. Traditional SMS verification travels through standard cellular frequencies, leaving users vulnerable to advanced cyberattacks:

• Phishing & Spoofing: Fraudsters impersonating official GCash channels to trick users into giving away their text codes.
• SIM-Swap Fraud: Attackers illegally duplicating a victim's SIM card to hijack their network traffic and steal verification codes.
• 2G Network Hijacking: Illegal use of portable cell-site simulators (IMSI-catchers) around Metro Manila to intercept unencrypted text data.

By moving authentication entirely within its own encrypted platform, GCash removes these external network vulnerabilities.

See Also: GCash Launches First Physical Central Hub at TriNoma: Face-to-Face Customer Support, Instant Cards, and Massive Raffle Promos

The Technical Upgrade: What Changes?

The upgrade shifts the e-wallet into an industry-standard Multi-Factor Authentication (MFA) framework. Instead of waiting for a text message to arrive, your identity is verified directly through the app environment.

GCash Old System vs In-App OTP

Offline/Remote Advantage: Because In-App OTP relies on internet data rather than cellular reception, this transition heavily benefits users in remote areas utilizing satellite internet (like Starlink) or overseas workers (OFWs) who travel without active local roaming.

How to Prepare Your Account to Avoid Disruptions

Because this rollout is mandatory, failing to configure your device will lead to transaction failures once the June 22 deadline hits.

1. Update the GCash App

Required
Open the Google Play Store, Apple App Store, or Huawei AppGallery. Ensure your GCash app is updated to the latest version to support the encryption protocols.

2. Enable Device Push Notifications

Critical Step
Go to your phone's Settings > Apps > GCash > Notifications. Ensure that "Allow Notifications" is toggled ON. If disabled, you will not receive transaction prompt windows.

3. Test the System

Verification
Open your app, complete a micro-transaction (like a minor Express Send or Load purchase), and verify that the authentication box prompts natively inside the user interface rather than arriving via your default text messaging app.

The Bottom Line

According to GCash Chief Information Security Officer Miguel Geronilla, this strategic move aims to put a definitive end to "phishable" authentication methods. Even if a bad actor manages to compromise your account password or MPIN, they cannot gain unauthorized access or initiate account takeovers unless they physically possess your verified hardware device.

Ensure your smartphone settings are updated before June 22 to guarantee seamless, uninterrupted daily transactions.