Manila, Philippines — GCash, the country’s leading finance superapp, is rolling out In-App OTPs (One-Time Passwords), enabling users to receive OTPs directly within the app by the first quarter of 2026. This upgrade replaces traditional SMS-based OTPs, which have been vulnerable to phishing and account takeover attempts.
The new system sends OTP requests securely to the authenticated GCash app, ensuring that only the intended user can access them. It also streamlines transactions with one-tap authentication, eliminating the need to switch apps or wait for messages.
“Our upgrade to In-App OTPs is a strategic move to put an end to phishable SMS OTPs,” said Miguel Geronilla, Chief Information Security Officer of GCash. “This will increase the security of daily transactions while keeping the process seamless for our users.”
The feature is part of GCash’s broader Multi-Factor Authentication (MFA) strategy, which includes facial recognition and Know-Your-Customer verification, adding layers of protection without complicating the user experience.
In-App OTPs reaffirm GCash’s commitment to delivering secure, convenient, and seamless digital financial services to millions of Filipinos, setting a new benchmark for security in the country’s cashless ecosystem.
