GCash is the first fintech company in the Philippines to receive both certifications simultaneously, following a comprehensive and independent audit by the British Standards Institution (BSI), a business improvement and standards organization that partners with more than 84,000 clients globally across multiple industry sectors.
“These ISO certifications are external validations of our internal belief that we must always operate with the highest integrity and discipline by integrating security and privacy into every aspect of our operations and innovations,” said Pebbles Sy, GCash chief technology and operations officer.
BSI country managing director Ava Taniajura added, “These certifications have equipped GCash with a significant advantage in safeguarding against potential threats. GCash has implemented comprehensive systems and controls to ensure the utmost security and confidentiality of its users' personal information.”
Meanwhile, GCash chief information security officer Miguel Geronilla emphasized that staying ahead of threats and strengthening defenses is essential to protecting customers and enabling innovation with confidence.
The ISO/IEC 27001 certification validates the systematic approach of GCash in managing sensitive information. The complementary ISO/IEC 27701 standard focuses on how personal data is collected, stored, and processed following global and local privacy laws, including the Philippine Data Privacy Act and the EU’s General Data Protection Regulation (GDPR).
“The reality is that financial services are now frontlines in the battle for data protection,” said GCash VP and group data protection officer Atty. Rob Real. “Our approach combines legal compliance with technology-enabled governance to stay ahead of increasingly complex threats.”
GCash is the first Philippine-based fintech company to receive dual certifications in ISO/IEC 27001 and ISO/IEC 27701 as of certification dates. To attain dual ISO certifications for information security and data privacy is a significant achievement, as financial platforms face heightened scrutiny in protecting users from fraud, scams, and other forms of cybercrime.
The certification process required GCash to align its policies, internal audits, employee training, and data processing protocols with globally accepted standards in information security and data privacy.
The milestones come as Southeast Asia experiences a surge in cyberattacks, driven by the expansion of e-commerce, digital banking, and AI-powered fraud. In the Philippines, regulators have repeatedly warned of phishing schemes, social engineering, and synthetic identity fraud targeting mobile wallet users.
The multi-layered security strategy of GCash includes AI-driven fraud detection, biometric authentication, device binding, and 24/7 monitoring through its internal Security Operations Center. The company also works closely with regulators, law enforcement, and the banking sector to share threat intelligence and enhance consumer protection.
As cyberthreats continue to evolve, the long-term security strategy of GCash remains focused on strengthening both its technological defenses and user education, ensuring resilience and reliability as digital adoption accelerates across the country.
For more information, visit www.gcash.com.
No comments:
Post a Comment