MANILA, PHILIPPINES – GCash, the country’s number one finance super app and largest cashless ecosystem, has become the first fintech company in the Philippines to be awarded dual ISO certifications for Information Security Management (ISO/IEC 27001) and Privacy Information Management (ISO/IEC 27701).
The milestone follows a rigorous independent audit conducted by the British Standards Institution (BSI) – a globally recognized standards and business improvement organization serving more than 84,000 clients worldwide. The simultaneous certification marks GCash as a pioneer in safeguarding digital financial services, underscoring its commitment to security, transparency and trust for over 94 million users.
“These ISO certifications are external validations of our internal belief that we must always operate with the highest integrity and discipline by integrating security and privacy into every aspect of our operations and innovations,” said Pebbles Sy, GCash chief technology and operations officer.
BSI country managing director Ava Taniajura added, “These certifications have equipped GCash with a significant advantage in safeguarding against potential threats. GCash has implemented comprehensive systems and controls to ensure the utmost security and confidentiality of its users’ personal information.”
In an era where financial platforms face growing cyber risks, these certifications signal GCash’s leadership in embedding a culture of security across all levels of its operations.
ISO/IEC 27001 is the globally recognized standard for information security management systems, ensuring that GCash follows a systematic approach to handling sensitive data. Complementing this, ISO/IEC 27701 focuses on personal data protection – ensuring compliance with international and local privacy laws, including the Philippine Data Privacy Act and the EU’s General Data Protection Regulation (GDPR).
“The reality is that financial services are now frontlines in the battle for data protection,” said GCash VP and group data protection officer Atty. Rob Real. “Our approach combines legal compliance with technology-enabled governance to stay ahead of increasingly complex threats.”
The certification process required GCash to align its policies, internal audits, employee training, and data processing protocols with globally accepted standards in information security and data privacy.
The milestones come as Southeast Asia experiences a surge in cyberattacks, driven by the expansion of e-commerce, digital banking, and AI-powered fraud. In the Philippines, regulators have repeatedly warned of phishing schemes, social engineering, and synthetic identity fraud targeting mobile wallet users.
The multi-layered security strategy of GCash includes AI-driven fraud detection, biometric authentication, device binding, and 24/7 monitoring through its internal Security Operations Center. The company also works closely with regulators, law enforcement, and the banking sector to share threat intelligence and enhance consumer protection.
As cyberthreats continue to evolve, the long-term security strategy of GCash remains focused on strengthening both its technological defenses and user education, ensuring resilience and reliability as digital adoption accelerates across the country.
For more information, visit www.gcash.com.
