A shift in how security codes reach mobile wallet users is now underway, with GCash introducing in-app delivery of one-time passwords for account access and transactions.
Under the update, users can receive their OTPs directly inside the GCash application instead of through text messages. The feature requires push notifications for GCash to be enabled on the user’s device.
The company said the change addresses a common vulnerability exploited by scammers, particularly those who intercept or deceive users into sharing OTPs sent via SMS. “By sending OTP requests directly to the user’s authenticated GCash app, GCash ensures that only the intended users can receive and use the unique OTPs, protecting them from unauthorized access,” the e-wallet said.
Beyond security, GCash noted that the new setup simplifies the authentication process. Receiving OTPs within the app removes the need to switch between applications, manually input codes, or wait for delayed text messages, which the company said results in quicker transactions.
The move comes amid broader discussions on improving digital payment security in the Philippines. In June, the Bangko Sentral ng Pilipinas encouraged banks and financial institutions to explore alternatives to traditional OTP-based multi-factor authentication.
Similar approaches have already emerged in the private sector. In November, PLDT Enterprise introduced SmartSafe, a system designed to verify online transactions without relying on one-time passwords.
