GCash Shifts to In-App OTPs, Replacing SMS Ahead of BSP AFASA Deadline
Philippine mobile wallet GCash will replace SMS-based one-time passwords (OTP) with in-app OTPs via push notifications starting June 22, 2026. The move is designed to reduce phishing risk and prevent unauthorized financial account takeovers.
GCash Chief Information Officer Miguel Geronilla said the upgrade will end “phishable SMS OTPs.” Users will need to enable device-level push notifications so transaction processing and account activities are not disrupted. GCash frames the change as a security architecture upgrade that sends authentication requests to an active, validated application session—limiting OTP/token access to the authorized device owner.
The rollout comes ahead of a June 30, 2026 deadline set by the Bangko Sentral ng Pilipinas (BSP) under the Anti-Financial Account Scamming Act (AFASA). The law requires supervised financial institutions to adopt fraud management alternatives or supplementary controls instead of traditional text-based OTP codes.
GCash says the in-app OTPs feature integrates with existing security measures, including KYC (Know-Your-Customer) identity verification and facial recognition protocols.
Corporate context: GCash is operated by G-Xchange, Inc., a wholly owned subsidiary of Globe Fintech Innovations Inc. (Mynt). The article also notes Mynt’s first-quarter 2026 equity earnings increase from Mynt to 1.9 billion pesos (up 8%), and that Mynt’s board and shareholders approved filings for a potential IPO with the SEC and the Philippine Stock Exchange.
For crypto traders, this is a payments-security update rather than a market-structure change, but it may slightly improve user trust and reduce scam-linked friction for regulated wallet access.
Neutral
This is a regulated payments-security change: GCash is moving from SMS OTPs to in-app OTPs via push notifications to comply with BSP’s AFASA anti-scam deadline. It targets fraud/phishing risk, not crypto assets or on-chain market mechanics. As a result, the direct impact on BTC/ETH liquidity, volatility, or derivatives positioning is likely limited.
In the short term, traders typically focus on asset price catalysts (ETF flows, macro, protocol upgrades). A wallet authentication change can marginally affect sentiment around regulated on-ramp reliability, but it usually does not trigger broad market repricing.
Over the longer term, improved account security can reduce scam-driven churn and maintain steadier access to fiat on-ramps. That can indirectly support user activity tied to exchanges or crypto services in the region. Still, without explicit changes to trading rules, fees, or crypto product availability, the expected market effect remains neutral.
Similar historical patterns: security hardening and MFA changes by major fintech rails tend to be absorbed as background compliance updates, with benefits showing up as reduced fraud incidents rather than immediate price moves.