GCash, the Philippines’ leading mobile wallet service, has assured users that all affected accounts have been rectified following a series of unauthorized transactions that saw funds vanish from e-wallets over the weekend.

The company reported that the necessary wallet adjustments were completed by Sunday, November 11, following a technical glitch that caused widespread panic among its users.

Here are 5 things we know about the incident:

1. What happened: GCash’s explanation

In response to the growing backlash, GCash quickly clarified that the unauthorized transactions were due to a “technical glitch.” Globe Telecom President and CEO Ernest Cu, whose company operates GCash through its subsidiary G-Xchange, confirmed that the incident stemmed from an error during a system reconciliation process.

“It’s a reconciliation issue that caused some wallets to be inadvertently debited. What’s most important is that we acted swiftly, and we’ve rectified all errors within 24 hours,” Cu said in a press statement.

GCash assured users that their accounts were restored and all necessary adjustments had been made by Sunday evening. The company also vowed to cooperate fully with authorities to investigate the matter further.

2. When the incident happened

The issue began to surface on Saturday, November 10, 2024, when GCash users reported that large sums of money were disappearing from their wallets.

Several customers, including notable personalities such as actress Marietta “Pokwang” Subong, shared their experiences on social media, revealing that unauthorized transfers were being made from their accounts without their knowledge.

Subong, in particular, reported a staggering P85,000 lost to unapproved transfers. Other users claimed that their funds were transferred in multiple amounts of P1,000 each to unknown mobile numbers. Alarmed, many took to social media to voice their concerns and demand explanations from the e-wallet provider.

3. Who are doing the investigation

As concerns about the security of GCash accounts mount, the Philippine government has stepped in to address the incident.

The Bangko Sentral ng Pilipinas (BSP) has launched an investigation into the unauthorized deductions, with a focus on identifying potential vulnerabilities in GCash’s system and ensuring compliance with financial regulations.

In a press statement, the BSP instructed G-Xchange (GXI), the operator of GCash, “to immediately resolve the reported unauthorized deductions on account balances of affected GCash users and swiftly complete the process of refunds that GXI has initiated.”  

The BSP has also required GXI to submit regular updates on its actions on the matter. The central bank is closely coordinating with GXI to ensure a prompt resolution of this issue.

Based on the initial report of GXI to the BSP, the incident was attributed to a system error. GXI assured that all GCash users’ accounts remain secure and that they are now in the process of refunding the deductions.

The central bank will investigate the incident further to identify possible vulnerabilities and review compliance with regulations and policies. In the meantime, the BSP is encouraging affected users to coordinate with GXI for the immediate resolution of their complaint.

“We are looking into the matter seriously to protect the interests of consumers,” said the BSP. The central bank’s intervention is critical, as it oversees mobile payment services in the country.

4. Why it seems it’s always happening

Meanwhile, the Cybercrime Investigation and Coordinating Center (CICC), under the Department of Information and Communications Technology (DICT), is also probing the incident. The CICC has raised the possibility that the incident may not have been a mere system glitch, but rather an organized cyber breach targeting specific GCash accounts.

The CICC’s Executive Director, Alexander Ramos, suggested that the scale and nature of the transfers pointed to the possibility of a coordinated attack. In particular, the case of actress Pokwang, who lost P85,000 to transfers made to nearly 30 different unregistered mobile numbers, raised suspicions of a more deliberate breach.

“We are considering the possibility of an organized cybercrime operation,” Ramos said. “We are encouraging victims like Pokwang to come forward and provide more details to help us understand the full scope of what happened.”

Digital advocacy group Digital Pinoys has also called on GCash to immediately return the lost funds to its customers.

“This issue has been long running and it seems that despite previous complaints, it has remained unresolved. This is alarming for consumers who put their trust on e-wallet providers to secure their funds. The funds lost due to unauthorized transactions should be returned immediately,” stated Ronald Gustilo, national campaigner of Digital Pinoys.

He also urged the Department of Information and Communications Technology (DICT) to investigate and impose penalties on GCash if found guilty of negligence. “E-wallet platforms do not provide the same security as banks. Consumers should not store huge amounts of money in their e-wallet accounts as the funds are not insured, unlike those in banks,” Gustilo said.

5. Where can victims report incidents

As the investigation unfolds, GCash users are urged to stay vigilant. The company has promised to enhance security protocols and improve user experience to prevent future incidents.

For now, users who believe their accounts may have been compromised are encouraged to monitor their GCash balances closely and report any suspicious activity immediately.

Victims can report the incident to GCash’s customer support through their hotline or in-app support feature here — just make sure to include all relevant details, such as transaction dates, amounts, and scam-related communications. They can also report the scam to authorities such as the PNP or NBI.

The incident has raised important questions about the security of mobile wallets, which have become a cornerstone of digital financial transactions in the Philippines. With millions relying on GCash for daily transactions, the spotlight is now on the service to rebuild trust and reassure customers of the safety of their funds.

So far, the Inter-Agency Response Center (IARC), a government body handling cybercrime complaints, has received at least 21 reports from GCash users who believe they were victims of unauthorized transactions. The IARC has since set up a dedicated hotline for those affected to report incidents and seek assistance.

Earlier this year, Jamie Dimon, the CEO of JP Morgan, has praised GCash for its groundbreaking financial technology. Dimon, who recently met with Jaime Augusto Zobel de Ayala, Chairman of Ayala Corp., and other business leaders in Manila, highlighted the importance of GCash’s contribution to the country’s digital transformation.

In the coming days, more details are expected to emerge as GCash, law enforcement, and regulatory bodies work together to uncover the cause of the glitch and ensure such incidents do not occur again. For now, GCash continues to process refunds and address customer concerns, while users remain cautious about the security of their digital wallets.

By Ralph Fajardo

Ralph is a dynamic writer and marketing communications expert with over 15 years of experience shaping the narratives of numerous brands. His journey through the realms of PR, advertising, news writing, as well as media and marketing communications has equipped him with a versatile skill set and a keen understanding of the industry. Discover more about Ralph's professional journey on his LinkedIn profile.