Digital fraud has evolved from technical exploits into psychological manipulation, targeting not just systems but human trust itself. Financial institutions face mounting pressure to respond with defenses that can learn, adapt, and scale in real time. At the recent Risk.net–AWS conference, GCash demonstrated how it is meeting this challenge, unveiling its multi‑layered, AI‑powered security strategy to protect millions of Filipinos from the next wave of scams.
During the conference, which focused on ‘Driving AFASA Compliance Through Advanced Fraud & FinCrime Detection’, hosted by Risk.net and Amazon Web Services (AWS) at Seda Hotel BGC in Manila, industry experts, from chief risk officers and compliance heads to security leaders and key stakeholders, gathered together to discuss how to operationalize the strengthened controls of the Anti‑Financial Account Scamming Act (AFASA), or Republic Act No. 12010 — a landmark law designed to combat the surge of financial cybercrimes such as phishing, smishing, and money muling.
From left to right: GASA Security Governance Director Mel Migrino, PayMongo Chief risk and compliance officer Josh Quinto, Maya Compliance Management Head Mark Talib, and GCash chief risk officer Ingrid Beroña.
GCash participated as one of the key speakers, with its Chief Risk Officer, Ingrid Beroña, joining the panel discussion on "Addressing Real-Time Fraud Detection, Authentication and Financial Crime Under AFASA's Circular 1213," where she led critical conversations on emerging fraud scenarios, AI-powered detection technologies, and the company's risk-based approach to compliance. She was joined by fellow leaders in the fintech landscape from Paymongo, GASA Philippines, and Maya.
When fraudsters weaponize AI
"AI-generated phishing and smishing are the biggest problems across different services that we have," Beroña shared. "Fraudsters are now able to craft phishing messages, even translating them into different languages and dialects."
The threat is amplified for the Philippines, which is one of the world's top social media adopters according to the Digital 2024 and 2025 Global Overview Reports by We Are Social and Meltwater. Large-scale social engineering campaigns deploy bots across platforms, while fake pages and merchants impersonate legitimate services with near-perfect accuracy.
As fraudsters weaponize AI, GCash has designed its defenses around four adaptive pillars. It begins with behavioral biometrics that screen user networks, paired with payload systems that monitor massive transaction volumes in real time. On top of this foundation sits adaptive risk profiling, tailoring security to each user. These controls are then scaled through a cloud‑based architecture capable of protecting millions of GCash user accounts simultaneously. Finally, the system continuously profiles consumer behavior, adjusting security controls in response to evolving activity patterns and transaction histories.
Furthermore, the GCash approach to AFASA ensures that the company is continuously working closely with fraud and cyber teams, AML specialists, and legal counsel while embedding AFASA discipline across the organization.
Strengthening ecosystem-wide defenses
The conference also highlighted how Circular 1213 strengthens controls across real-time fraud detection, identity integrity, authentication security, customer-protection alerts, and financial-crime monitoring, addressing how fraud and scams have evolved from isolated incidents to a regional crisis demanding coordinated response.
The conversations at the Risk.net and AWS event underscored a fundamental shift in how financial institutions must approach security. For GCash, having the largest digital ecosystem in the country means protection embedded at every layer, from onboarding through every transaction, continuously profiling behavior, and adjusting security controls based on risk. Technology that scales to handle massive volumes while maintaining the intelligence to identify subtle anomalies. It means security and privacy by design, not bolted on after the fact.
By anchoring security strategies in the realities of today's threat landscape rather than yesterday's playbooks, GCash continues building fraud prevention capabilities that protect users without compromising the seamless digital experience that drives financial inclusion.
For more information, please visit www.gcash.com.
About Mynt
Mynt is the first and only $5 billion unicorn in the Philippines. It's a leader in mobile financial services focused on accelerating financial inclusion through mobile money, financial services, and technology. Mynt operates two fintech companies: GXI, the mobile wallet operator of GCash — the #1 Finance App in the Philippines, and Fuse Lending, a tech-based lending company that gives Filipinos access to microloans and business loans.
About GCash
GCash is the Philippines’ #1 Finance App and Largest Cashless Ecosystem. Through the GCash App, users can easily purchase prepaid airtime; pay bills via partner billers nationwide; send and receive money anywhere in the Philippines, even to other bank accounts; purchase from over 6 million partner merchants and social sellers; and get access to savings, credit, loans, insurance and invest money, and so much more, all at the convenience of their smartphones. GCash’s mobile wallet operations are handled by G-Xchange, Inc. (GXI), a wholly-owned subsidiary of Mynt, the first and only duacorn in the Philippines.
Mynt and GCash are staunch supporters of the United Nations Sustainable Development Goals (SDGs), particularly UN SDGs 5,8,10, and 13, which focus on safety & security, financial inclusion, diversity, equity, and inclusion as well as taking urgent action to combat climate change and its impacts, respectively.
For more information, please contact:
Bruce Rodriguez, Head of Business Communications
Corporate Communications
Legal Disclaimer & Safe Harbor Statement
This press release is for informational purposes only and does not constitute, or form part of, any offer, solicitation, or invitation to sell, issue, purchase, or subscribe for any securities in the Philippines, the United States, or any other jurisdiction. No securities of Mynt, Inc. have been or will be registered under the U.S. Securities Act of 1933, as amended, and such securities may not be offered or sold in the United States absent registration or an applicable exemption from registration requirements. There will be no public offering of the securities of the Company in the United States. No money, securities or other consideration is being solicited by this document or the information contained herein and, if sent in response to this document or the information contained herein, will not be accepted. Any potential initial public offering and listing in the Philippines, if pursued, remain fully subject to prevailing market conditions and regulatory approvals, including the registration requirements of the Philippine Securities and Exchange Commission and the listing rules of the Philippine Stock Exchange, Inc., and there can be no assurance that any such filings will be made or that any offering or listing will be consummated. This document contains forward-looking statements that involve inherent risks and uncertainties; actual results, timelines, and outcomes may differ materially from those projected due to shifting market dynamics, economic environments, and regulatory updates.
