There are over 51 million Filipinos who now use GCash. As the population of users grows, one of the main concerns we need to tackle is security.
Overall, GCash is a safe and secure way to conduct mobile financial transactions. It has loads of security features such as MPIN, OTP, fingerprint login, and face recognition. Furthermore, the app will also notify its user of every transaction made by their account through SMS. This is to monitor any fraudulent activities that may occur.
In this post, let us answer some of the most common questions when it comes to GCash’s safety and security.
1. Is GCash legit?
The majority of us think that GCash is primarily under Globe Telecom. Well, there is some truth to it.
GCash is a legal entity owned by Mynt — a partnership between established companies, namely Globe Telecom, Ayala Corporation, and the Ant Group. It was introduced in 2004 and has garnered many awards over the years, including being the Outstanding Partner for Innovative Financial Services by BSP (central bank of the Philippines) in 2019.
Knowing the legitimacy and the companies behind GCash is vital since it is no longer just an e-wallet. The app now encourages us to put a larger amount of money into its service by offering saving and investing features. Learning that GCash is backed by reputable and reliable organizations gives us peace of mind in entrusting them with our hard-earned money.
- Globe Telecom — One of the largest telecommunications companies in the Philippines. It now has an 84 million subscriber base.
- Ayala Corporation — A company with a diverse business portfolio. It has assets of over $48.7 billion.
- Ant Group — An affiliate of the Alibaba Group. It owns Alipay, China’s largest digital payment platforms which empowers a billion users and 80 million merchants.
2. Can GCash Get Hacked?
Being hacked means having unauthorized access to your GCash account.
GCash is generally almost impossible to hack due to its sophisticated security features. MPIN, OTP and biometric login are some preventive barriers in the app. These significantly lessen the chances of hackers gaining access to its users’ accounts. If all else fails, GCash has a Customer Protect program that resolves unauthorized transactions.
GCash’s security features
Mobile banking personal identification number (MPIN) | Your unique 4-digit number combination. Used to access the app or validate a transaction. |
One-time password (OTP) | A system-generated code which is sent to your mobile phone to confirm a transaction. The code is valid for 5 minutes and can only be used once. |
Security questions | A series of questions to verify the authenticity of the user. Designed to recover forgotten or lost MPINs. |
Biometrics login | Using the phone’s fingerprint sensor to log in. |
Face recognition | Using facial recognition to log in. |
Account recovery | It helps regain access if you get locked out of your account. |
Customer Protect | Resolves unauthorized transactions made by your account due to technical errors or glitches. |
Can someone access my GCash account?
You bet.
With all GCash’s security features, it is still possible for someone to access your account if they were able to get your sensitive data like the MPIN. It is encouraged to reinforce your account’s security measures by setting up your biometrics, facial recognition, and security questions. It also pays to be vigilant against suspicious messages and links.
3. Can GCash be scammed?
Here is the truth: the biggest weakness of GCash is… are you ready for this? Its users.
Most of the vulnerabilities encountered in GCash were due to scams. Many users fell for fake agents, messages, links, and products which made them disclose their MPIN and OTP. GCash has already developed reliable security measures, being scammed is the user’s personal responsibility. They must never share any sensitive information with anyone.
If you have not heard about it, there is a singer named Ronnie Liang who was scammed by a fake GCash agent. Based on his Facebook post, it seems he was initially looking for assistance on a particular transaction via GCash’s Twitter account (which is fake). Instead of getting help, the scam artist was able to manipulate him to disclose his MPIN and OTP, and the rest was history. The fraudster was able to take thousands from his account, according to Ronnie.
What do you think? Was this GCash’s fault? Anyway, here are the top five GCash scams we must watch out for — and what are the dos and don’ts — according to walastech.com:
- GCash customer service
Don’t seek help in any GCash social media accounts or messengers.
Do use the in-app Help and Support to submit a ticket or request a live chat. You can also call 2882.
- Phishing links — these are messages pretending to be GCash.
Don’t click or respond to any of these emails or text messages.
Do ignore these type of outreach.
- Spoofing messages — best described as a level-up version of phishing links. These messages may look like the real thing.
Don’t act impulsively.
Do check, inspect, and validate first before making an action.
- GCash Mastercard resellers
Don’t buy any product from unauthorized/unofficial GCash channels.
Do order your Mastercard via the GCash app.
- People asking for your MPINs
Don’t give any information especially your MPINs to anyone. Even GCash representatives will never ask for your MPIN.
Do keep your MPINs as a top secret.
Can someone steal money from Gcash?
Based on what we have learned so far:
It is possible for someone to steal money from your GCash account. That is if you would allow them to. Money stolen from a GCash account is less about the insufficiency of security features and more about the lack of care about your sensitive data. Be sure to be vigilant and acknowledge there are people out there who are trying to steal money from others.
4. Can GCash refund scammed money?
Getting scammed money back in GCash is a bit tricky.
GCash will refund confirmed unauthorized transactions through fund insurance, as stated in their Customer Protect program. Basic users can get back up to Php 2,000, while fully verified users are given up to Php 100,000. Yet, this is only valid for system-related errors. Scam, such as a seller fails to deliver or MPINs being shared, is not covered.
GCash’s Customer Protect program
Here are the details of GCash’s Customer Protect program
Features
- Advanced risk management — a system to detect and prevent fraudulent activities.
- Fund insurance — recovers money loss due to unauthorized transaction once proven eligible.
- Prioritized handling — for faster response time.
Covered
- Unauthorized transactions — any payment or activity the user did not authorize.
Note: sharing of MPIN or OTP by any means is considered as an authorized transaction. - Failed transactions — if fund transfers didn’t push through.
- When money was not transferred.
- When the amount or balance was wrong.
Not covered
- Successful money transfer, but the seller did not fulfill delivery of goods or services.
- Transactions authorized by your MPIN or OTP.
I appreciate GCash’s Customer Protect program because it not only protects its users but GCash itself as well. As a business person, I understand where the company behind the app is coming from. It needed to find the proper balance between protecting its customers and their business.
Here are two points:
- GCash transfers real money from your account like a debit card. In short, payments are as good as cash. It would be difficult for them to give a refund, especially when the scammer has already withdrawn it from their accounts. This would mean they need to give your money back from their own pockets. That is the reason why they use fund insurance instead of fund reversal when giving refunds.
- GCash has already put all the necessary security measures in place to make every deal secure. They sure need to give refunds for money loss if it was a result of an error in their app. But do you think it is fair if they were to remain liable for bad transactions due to its users’ negligence and irresponsibility? Furthermore, if GCash is not careful, scam artists can also exploit it to extort money from them. They can simply make false reports of being scammed to make GCash “refund” their money.
Can I get my money back if I have sent it to the wrong account?
Again, based on what we have learned so far:
GCash does not refund authorized transactions based on their Customer Protect program. Authorized transactions are any transfers made that are validated by a mobile PIN (MPIN) or a one-time password (OTP). The ideal way to get your money back is to request it from the person you wrongly sent the money to.
As with being scammed, we cannot expect GCash to return our money or be held liable for our mistakes. We should be cautious and take full responsibility for our own transactions.
5. How to secure my GCash account?
Here are ten tips to secure your GCash account and your transactions:
- Never share your sensitive information to anyone, such as MPIN, OTP, name, address, and birthdate.
- Get your GCash account fully verified.
- Be cautious when dealing with unknown sellers.
- Do not click or respond to any suspicious links or messages.
- Activate biometrics or face recognition login.
- Do not use your birthdate as your MPIN.
- Deal only with legitimate merchants as much as possible.
- Do not put all your money in GCash.
- Only transact via official GCash channels.
- Always double-check the recipient’s number before sending the payment. Better yet, pay via QR code.
Bonus: If you are making a big purchase, use a credit card instead. Credits are easier to dispute and file for a refund if the seller is a fraud.
Closing thoughts
In general, GCash is a safe and convenient way to send and receive money. But we should also do our part in keeping our transactions secure.