GCash, the country’s leading finance app and largest cashless ecosystem, becomes the first Philippine fintech to achieve ISO certifications for two globally recognized standards for information security management and privacy information management systems— the ISO/IEC 27001 and the ISO/IEC 2770.
GCash is the first fintech company in the Philippines to receive both certifications simultaneously, following a comprehensive and independent audit by the British Standards Institution (BSI), a business improvement and standards organization that partners with more than 84,000 clients globally across multiple industry sectors.
The certifications affirm that the information security and privacy management systems of GCash met international standards and best practices, which have been vetted by a third-party auditor, establishing transparency and building trust in the country’s largest cashless ecosystem.
“These ISO certifications are external validations of our internal belief that we must always operate with the highest integrity and discipline by integrating security and privacy into every aspect of our operations and innovations,”
said Pebbles Sy, GCash Chief Technology and Operations Officer.
BSI Country Managing Director Ava Taniajura added,
“These certifications have equipped GCash with a significant advantage in safeguarding against potential threats. GCash has implemented comprehensive systems and controls to ensure the utmost security and confidentiality of its users' personal information.”
Meanwhile, GCash Chief Information Security Officer Miguel Geronilla emphasized that staying ahead of threats and strengthening defenses is essential to protecting customers and enabling innovation with confidence.
“We have invested heavily in building a digital environment that prioritizes safety. These certifications are not just milestones but also a reflection of our commitment to protecting the trust that our millions of users have placed in us,”
Geronilla said.
The ISO/IEC 27001 certification validates the systematic approach of GCash in managing sensitive information. The complementary ISO/IEC 27701 standard focuses on how personal data is collected, stored, and processed following global and local privacy laws, including the Philippine Data Privacy Act and the EU’s General Data Protection Regulation (GDPR).
“The reality is that financial services are now frontlines in the battle for data protection,”
said GCash VP and Group Data Protection Officer Atty. Rob Real.
“Our approach combines legal compliance with technology-enabled governance to stay ahead of increasingly complex threats.”
GCash is the first Philippine-based fintech company to receive dual certifications in ISO/IEC 27001 and ISO/IEC 27701 as of certification dates. To attain dual ISO certifications for information security and data privacy is a significant achievement, as financial platforms face heightened scrutiny in protecting users from fraud, scams, and other forms of cybercrime.
The certification process required GCash to align its policies, internal audits, employee training, and data processing protocols with globally accepted standards in information security and data privacy.
The milestones come as Southeast Asia experiences a surge in cyberattacks, driven by the expansion of e-commerce, digital banking, and AI-powered fraud. In the Philippines, regulators have repeatedly warned of phishing schemes, social engineering, and synthetic identity fraud targeting mobile wallet users.
The multi-layered security strategy of GCash includes AI-driven fraud detection, biometric authentication, device binding, and 24/7 monitoring through its internal Security Operations Center. The company also works closely with regulators, law enforcement, and the banking sector to share threat intelligence and enhance consumer protection.
As cyberthreats continue to evolve, the long-term security strategy of GCash remains focused on strengthening both its technological defenses and user education, ensuring resilience and reliability as digital adoption accelerates across the country.
For more information, visit www.new.gcash.com.
About Mynt
Mynt is the first and only $5 billion unicorn in the Philippines. It's a leader in mobile financial services focused on accelerating financial inclusion through mobile money, financial services, and technology. Mynt operates two fintech companies: GXI, the mobile wallet operator of GCash — the #1 Finance App in the Philippines, and Fuse Lending, a tech-based lending company that gives Filipinos access to microloans and business loans.
About GCash
GCash is the Philippines’ #1 Finance App and Largest Cashless Ecosystem. Through the GCash App, users can easily purchase prepaid airtime; pay bills via partner billers nationwide; send and receive money anywhere in the Philippines, even to other bank accounts; purchase from over 6 million partner merchants and social sellers; and get access to savings, credit, loans, insurance and invest money, and so much more, all at the convenience of their smartphones. GCash’s mobile wallet operations are handled by G-Xchange, Inc. (GXI), a wholly-owned subsidiary of Mynt, the first and only duacorn in the Philippines.
Mynt and GCash are staunch supporters of the United Nations Sustainable Development Goals (SDGs), particularly UN SDGs 5,8,10, and 13, which focus on safety & security, financial inclusion, diversity, equity, and inclusion as well as taking urgent action to combat climate change and its impacts, respectively.
For more information, please contact:
Bruce Rodriguez, Head of Business Communications
Corporate Communications
Legal Disclaimer & Safe Harbor Statement
This press release is for informational purposes only and does not constitute, or form part of, any offer, solicitation, or invitation to sell, issue, purchase, or subscribe for any securities in the Philippines, the United States, or any other jurisdiction. No securities of Mynt, Inc. have been or will be registered under the U.S. Securities Act of 1933, as amended, and such securities may not be offered or sold in the United States absent registration or an applicable exemption from registration requirements. There will be no public offering of the securities of the Company in the United States. No money, securities or other consideration is being solicited by this document or the information contained herein and, if sent in response to this document or the information contained herein, will not be accepted. Any potential initial public offering and listing in the Philippines, if pursued, remain fully subject to prevailing market conditions and regulatory approvals, including the registration requirements of the Philippine Securities and Exchange Commission and the listing rules of the Philippine Stock Exchange, Inc., and there can be no assurance that any such filings will be made or that any offering or listing will be consummated. This document contains forward-looking statements that involve inherent risks and uncertainties; actual results, timelines, and outcomes may differ materially from those projected due to shifting market dynamics, economic environments, and regulatory updates.
