 |
The
transition aligns with the Bangko Sentral ng Pilipinas (BSP) directive under
the Anti-Financial Account Scamming Act (AFASA) to reinforce user security
GCash, the Philippines’ leading finance super
app and largest cashless ecosystem, is set to roll out its In-App One-Time
Passwords (OTPs) feature by June 22, replacing SMS-based authentication as part
of its strengthened cybersecurity measures against phishing scams and financial
fraud. As GCash transitions to In-App OTPs,
users are encouraged to ensure that push notifications are enabled to avoid any
disruption on transactions and account activities.
With this latest security enhancement, users
now receive their OTPs through secure push notifications directly within the
app, providing a safer and more seamless verification experience.
This move by the country’s leading finance
super app complies with the directive of the Bangko Sentral ng Pilipinas to
phase out SMS-based OTPs by June 30, 2026. The measure aligns with the
Anti-Financial Account Scamming Act (AFASA), which aims to strengthen
cybersecurity safeguards and curb the growing incidence of digital fraud.
For years, SMS-based OTPs have been targeted
by scammers as a means of accessing user accounts. The switch to In-App OTPs is
an important step toward addressing these vulnerabilities. By sending OTP
requests directly to the user’s authenticated GCash app, GCash ensures that
only the intended users can receive and use the unique OTPs, protecting them
from unauthorized access.
Instant, one-tap authentication also removes
the need to switch apps, type codes, or wait for text messages to arrive,
resulting in faster transactions and removing exposure to SMS OTPs that
scammers and fraudsters can exploit.
“Our upgrade to In-App OTPs is a strategic
move to put an end to phishable SMS OTPs. We will shift users to instant, GCash
app-verified authentication, to increase the security of their daily
transactions,” said Miguel Geronilla, Chief Information Security Officer of
GCash.
The introduction of In-App OTPs is part of
the broader strategy of GCash to enhance security through Multi-Factor
Authentication (MFA), a well-established industry standard that adds multiple
layers of protection when accessing an account. MFA greatly reduces the risk of
account takeovers, even if passwords or MPINs are compromised.
GCash has consistently invested in stronger
protection systems, including Know-Your-Customer (KYC) verification and Facial
Recognition verification (Double Safe). In-App OTPs build on these existing
measures, enhancing security without adding unnecessary friction to the user
experience.
As digital scams continue to
evolve, GCash remains committed to proactively enhancing platform security and
setting higher standards for safe and secure digital finance in the
Philippines.
For more information, visit www.gcash.com.
0 Comments