GCash

GCash is a Filipino mobile payments service owned by Globe Fintech Innovations, Inc. (doing business as Mynt), and operated by its wholly-owned subsidiary, G-Xchange, Inc.

Mynt is a joint venture between Ant Group, an affiliate company of the Alibaba Group who operates Alipay, the world's leading mobile and online payments platform; Ayala Corporation, one of the Philippines' largest and oldest business conglomerates; and telco giant Globe Telecom, through its corporate venture builder, 917Ventures.

As of May 2023, GCash claims to have 81 million active users and 2.5 million sellers and merchants across the Philippines.

Since GCash does not have bank status, the ₱500,000 protection of funds deposited in a bank by the Philippine Deposit Insurance Corporation is not available for e-money issuers.

History
GCash was launched in October 2004 as an SMS-based money to transfer service. It was Globe Telecom's answer to Smart Communications' Smart Padala which aimed to serve the majority of Filipinos who lacked access to formal banking services at the time. Users could convert their cash to e-money through cash-in and cash-out outlets like sari-sari stores with a transaction fee of ₱1.00.

GCash launched its mobile application in 2012 to shift from physical outlets to a digital cashless system. In 2017, GCash and its rival mobile wallet PayMaya, partnered with Facebook to offer its services within Facebook Messenger, but this partnership wouldn't last due to changes in Facebook's fintech strategy. GCash is still widely used payment method for physical outlet and offline-related services in the Philippines, particularly retail and events. As of 2022, there were an estimated 58 million active e-wallet users in the Philippines, with this number expected to reach 81 million by 2025.

From 2013 to 2020, GCash focused on bringing new features to its app including QR-based payments, mobile and gaming credit purchases, online checkout, barcode cash-in, bills payment, and the support for InstaPay which enabled interbank transfers. GCash also partnered with CIMB Bank Philippines for the pilot of GSave, a high-yield savings account. GSave would later evolve into GSave Marketplace with options between CIMB Bank Philippines, BPI, and Maybank Philippines.

In 2021, GCredit, a revolving mobile credit line initially powered by Fuse Lending was also transferred to CIMB Bank. GCash also revived its remittance service, now called GCash Padala, and made it available to non-app users through its 2,000 partner outlets nationwide.

GCash's parent company, Mynt, made history as the Philippine's first double unicorn when it announced that it raised $300M in funding last November 2021 at a $2B valuation. In an effort to further increase its footprint, GCash Jr., designed for users aged 7 to 17, was launched in 2022.

Service interruptions
During its hypergrowth stage from 2017 to 2020, GCash experienced multiple service interruptions lasting between one and eight hours. During every outage, users encountered transaction errors, including failed or delayed posting of payments, incorrect debits, and/or missing funds.

Some users also complained that their concerns were not sufficiently resolved by customer support, thus giving rise to Facebook and Viber groups which served as a platform for customers to help and ask for help from other users. An episode of the segment "Tapat Na Po" from TV Patrol Weekend also tackled complaints about GCash blocking account access for some people without providing any reason.

There have also been reports of fraud and scams that specifically targeted GCash users, most notably involving phishing activities. In response, GCash launched "Double Safe" in 2023 which requires facial identification from customers.

2023 unauthorized transactions
GCash's most notable scandal was on May 8, 2023, when hundreds of users, including notable personalities such as comedian Chad Kinis and Laban TNVS President Jun De Leon, reported missing funds from unauthorized bank transfers. By midnight of May 9, the GCash app had abruptly shut down and a full-banner error message that read "We're just working on improving your experience. Rest assured that your funds are safe" was displayed.

Around 300 victims formed a group chat and alleged hacking, but GCash denied that such an incident occurred and stuck to the same messaging that all funds were secure, even after its own admission that sums of money were funneled by an undisclosed malicious actor to two accounts in EastWest Bank and Asia United Bank without customer permission. In a statement, GCash wrote:"Some customers may have experienced a deduction in their GCash accounts. We extended our scheduled maintenance to investigate and determined that no hacking occurred."As of 4:00 pm PHT of May 9, GCash said it has already adjusted the balance of affected users, and added that the app is operational again after an hours-long downtime. Users and government regulators remained unhappy without the public disclosure of a comprehensive investigation's findings. House Deputy Minority Leader Bernadette Herrera-Dy of Bagong Henerasyon filed House Resolution No. 963 which seeks for a congress-led probe because she was not satisfied with GCash's non-explanation of what caused the anomalous transactions.

The Cybercrime Investigation and Coordinating Center, an attached agency of the Department of Information and Communication Technology, probed the incident and requested a meeting with executives from the mobile wallet's operator. The National Privacy Commission mentioned that they, too, will be conducting an independent assessment to determine a potential data breach that may have resulted to unauthorized fund transfers.

On May 24, 2023, The National Privacy Commission concluded its extensive investigation into the reported unauthorized transactions involving multiple GCash accounts. After careful examination and independent verification of the incident, the NPC confirmed that the security breach resulted from the utilization of “phishing” attacks. According to the Privacy Commissioner, John Henry Du Naga, "Unknown threat actors took advantage of vulnerable GCash users, triggering the phishing scheme through online gambling websites such as 'Philwin' and 'tapwin1.com'".