GCash to Replace SMS Codes with In-App OTP

GCash is enhancing its security protocols by rolling out in-app One-Time Passwords (OTPs), a move designed to replace traditional SMS-based authentication.

By the first quarter of 2026, the finance superapp expects users to receive OTPs directly via secure push notifications within the application rather than through text messages.

The transition aims to address vulnerabilities associated with SMS, which scammers have frequently targeted to gain unauthorised access to user accounts.

Sending authentication requests directly to the verified GCash app guarantees that only the true account owner receives and uses the unique codes.

This new feature also promises a smoother user experience. Users will no longer need to switch between apps or manually input codes, allowing for instant, one-tap authentication.

Miguel Geronilla, Chief Information Security Officer at GCash, described the upgrade as a strategic step to eliminate “phishable” SMS OTPs.

The introduction of in-app OTPs is part of GCash’s broader strategy to implement Multi-factor Authentication (MFA).

This adds to existing protection measures such as Know-Your-Customer (KYC) verification and the ‘Double Safe’ facial recognition system.

These layers of security work together to reduce the risk of account takeovers, even in events where passwords or MPINs are compromised.

Featured image by GCash.

The post GCash to Replace SMS Codes with In-App OTP appeared first on Fintech News Philippines.