One of the biggest complaints GCash has gotten over time was the manual input of the MPIN. Since the MPIN was only 4 digits, it was also easy to remember, and easy to take advantage of especially when it comes to scams.
This is why there are one-time passwords (OTP) implemented aside from an MPIN. This is to make it harder for someone to get into your account as it needs the actual phone (and SIM card) at hand to verify yourself.
It would make it harder for scammers to get into your account as they would need to ask for not only the MPIN but also need to ask for the OTP. But even with this added complexity, there are still lots of people scammed every day.
Recently, a GCash update allows biometric logins like fingerprint and face recognition, similar to Maya. This makes it easier for a user to log in as they can forego inputting the MPIN.
Table of Contents
How secure is using your fingerprint or face ID to log in?
Logging in is definitely easier now using your biometrics. However, remember that this does not make your GCash account more secure. In some cases, you may have added a way hackers can use to circumvent your account.
For fingerprint recognition, there are databases of fingerprints somewhere out there. An example is when we registered to vote we gave COMELEC our fingerprint data, which eventually got leaked. Even though the leaked fingerprint data cannot be used, it just shows how easily third parties can compromise your personal data.
As for facial recognition, there are ways to fool your phone — one is having a look-alike log-in on your behalf. Perhaps your siblings can look like you a lot. Or another way is to show the camera a picture of your face during a close-up. And it’s easy to get those, especially if your social media accounts are public and your posts are full of selfies.
Biometrics are great since they are unique to every individual, however, this uniqueness can also be used against it. We cannot change our fingerprints or our faces. And so the best way to secure your account is by being vigilant. Scammers can still fool you into giving your MPIN and OTP even with the biometrics login enabled.
How can I enable Biometrics Login?
Before you can enable this, you first need to register biometrics into your phone. This involves registering either your face or your fingerprints in Settings. Here is a detailed guide to setting it up for both Android and IOS.
After a recent update, when logging into your GCash app, it will ask you if you want to enable Biometrics Login:
Manually Enabling Biometrics Login within GCash
- Go to Settings from the Sidebar. Click on Biometrics Login.
- Tick on the “Enable Biometrics Login”.
- A page will display waiting for your OTP. Input your OTP once it arrives.
- Once done, you can now see the “Login with Biometrics” link on the login page. If you have registered your face login, you can log in by showing your face on your phone’s selfie camera, without using your fingerprint.
- If your biometrics didn’t read correctly 3 times, the login would revert to MPIN input.
If I have multiple GCash accounts on my phone, does this mean that enabling biometrics for one account enables it for all?
No, it only works for one account. Once you change the number and enable biometrics for that, the setting is enabled for that account only.
What is Double Authentication?
Double Authentication is a security feature in GCash that prevents account takeovers by getting your selfie and comparing it with the selfie you provided during verification.
This is a result of a glut of scams perpetuated in social media and SMS. Alongside the masking feature for Send Money, this heightens the account security for all users moving forward.
This facial recognition only triggers when you log in from a different phone you’ve used previously. If the recognition fails 5 times, you will not be able to access your account. You will need to file a ticket to Help Support to prove your identity.
This step goes between the input of OTP and MPIN during the changing number step.
What happens if the Selfie Recognition fails during Double Authentication?
You need to repeat the selfie a total of 5 times. If the recognition still fails, you would need to contact Help Support to unlock your account and validate your identity.
What is Face Verify?
This feature has also been rolled out in conjunction with DoubleSafe. Basically, when you trigger an MPIN reset, instead of using account recovery questions, it now asks for your selfie instead and an OTP.
Your Account Recovery questions are still saved in your account, in the case when additional verification is needed.
GCash has made logging in more effortless with the biometrics login. However, it does not make your account more secure. You can still be scammed using your MPIN and OTP. Double Authentication has reduced this risk, however, security is only as strong as the weakest link. And vigilance is still the best security measure.
I have a new e-commerce site where you can buy some e-books here: GCR Prime
After reading about what GCash is, here are the main GCash features: