A multi‑layered, AI‑powered security strategy showed how it protects millions of Filipinos from the next wave of scams
Digital fraud has evolved from technical exploits into psychological manipulation, targeting not just systems but human trust itself. Financial institutions face mounting pressure to respond with defenses that can learn, adapt, and scale in real time. At the recent Risk.net–AWS conference, #GCash demonstrated how it is meeting this challenge, unveiling its multi‑layered, AI‑powered security strategy to protect millions of Filipinos from the next wave of scams.
During the conference, which focused on ‘Driving AFASA Compliance Through Advanced Fraud & FinCrime Detection’, hosted by Risk.net and Amazon Web Services (AWS) at Seda Hotel BGC in Manila, industry experts, from chief risk officers and compliance heads to security leaders and key stakeholders, gathered together to discuss how to operationalize the strengthened controls of the Anti‑Financial Account Scamming Act (AFASA), or Republic Act No. 12010 — a landmark law designed to combat the surge of financial cybercrimes such as phishing, smishing, and money muling.
Financial risk sector leaders gather at the Risk.net–AWS conference in Manila to discuss emerging fraud threats, regulatory compliance, and the role of AI in strengthening financial security across the digital payments ecosystem.
From left to right: GASA Security Governance Director Mel Migrino, PayMongo Chief risk and compliance officer Josh Quinto, Maya Compliance Management Head Mark Talib, and GCash chief risk officer Ingrid Beroña.
GCash participated as one of the key speakers, with its Chief Risk Officer, Ingrid Beroña, joining the panel discussion on "Addressing Real-Time Fraud Detection, Authentication and Financial Crime Under AFASA's Circular 1213," where she led critical conversations on emerging fraud scenarios, AI-powered detection technologies, and the company's risk-based approach to compliance. She was joined by fellow leaders in the fintech landscape from Paymongo, GASA Philippines, and Maya.
When fraudsters weaponize AI
Ingrid Beroña highlights the role of AI and advanced risk management strategies in combating emerging fraud threats during a panel discussion at the Risk.net–AWS conference in Manila.
"AI-generated phishing and smishing are the biggest problems across different services that we have," Beroña shared. "Fraudsters are now able to craft phishing messages, even translating them into different languages and dialects."
The threat is amplified for the Philippines, which is one of the world's top social media adopters according to the Digital 2024 and 2025 Global Overview Reports by We Are Social and Meltwater. Large-scale social engineering campaigns deploy bots across platforms, while fake pages and merchants impersonate legitimate services with near-perfect accuracy.
As fraudsters weaponize AI, GCash has designed its defenses around four adaptive pillars. It begins with behavioral biometrics that screen user networks, paired with payload systems that monitor massive transaction volumes in real time. On top of this foundation sits adaptive risk profiling, tailoring security to each user. These controls are then scaled through a cloud‑based architecture capable of protecting millions of GCash user accounts simultaneously. Finally, the system continuously profiles consumer behavior, adjusting security controls in response to evolving activity patterns and transaction histories.
Furthermore, the GCash approach to AFASA ensures that the company is continuously working closely with fraud and cyber teams, AML specialists, and legal counsel while embedding AFASA discipline across the organization.
Strengthening ecosystem-wide defenses
The conference also highlighted how Circular 1213 strengthens controls across real-time fraud detection, identity integrity, authentication security, customer-protection alerts, and financial-crime monitoring, addressing how fraud and scams have evolved from isolated incidents to a regional crisis demanding coordinated response.
The conversations at the Risk.net and AWS event underscored a fundamental shift in how financial institutions must approach security. For GCash, having the largest digital ecosystem in the country means protection embedded at every layer, from onboarding through every transaction, continuously profiling behavior, and adjusting security controls based on risk. Technology that scales to handle massive volumes while maintaining the intelligence to identify subtle anomalies. It means security and privacy by design, not bolted on after the fact.
By anchoring security strategies in the realities of today's threat landscape rather than yesterday's playbooks, GCash continues building fraud prevention capabilities that protect users without compromising the seamless digital experience that drives financial inclusion.
For more information, please visit www.gcash.com.