GCash, in partnership with the Cybercrime Investigation and Coordinating Center and the Philippine National Police Anti-Cybercrime Group, terminated merchant access linked with the illicit activity. The action suggests that the company is attempting to stop the channels through which illegal operators are collecting money, as opposed to simply reacting after the users have already been compromised. According to GCash, entities attempting to misuse the GCash app and QR Ph without authorization are flagged, suspended, and reported to authorities.
In the gambling sphere, the crackdown may be on the sites, the promoters, or the licensing status itself. In this case, the pressure is being applied on the payment level. Given that QR Ph is the Philippines’ national interoperable QR code standard for money transfer services and merchant payments, misuses of that rail may create serious trust problems.
How the Merchant Abuse Worked
As per local reports based on the GCash release, the blocked merchants were using commonly employed yet effective methods: QR masking, fake payment pages, and interfaces that mimicked legitimate GCash or merchant payment systems. In such conditions, users are often convinced that they’re sending money to a verified business, while it’s routed somewhere else.
GCash also repeated the user-side warning signs that it has been pushing in previous years:
-
Not to share OTPs and MPINs with others;
-
Not to trust QR codes sent via social media and chat apps;
-
To verify the merchant’s name before sending funds;
-
To be wary of sending payments to personal wallets.
In an August 2025 advisory, GCash said that it has already taken down more than 57,000 phishing sites and reported 916 illegal online gambling sites to the authorities since 2023.
Market Implications
The timing also aligns with a broader enforcement push in the Philippines. At a March 4 press conference, the CICC said it was coordinating with partner agencies to go after illegal gambling sites, apps, and those who promote them. In this context, the removal of these merchants from the GCash service doesn’t seem like a minor trust-and-safety release, but rather like the extension of a wider crackdown.
This case is not really about a particular wallet provider tightening up its own systems. It’s about a broader landscape where access to payment infrastructure may determine whether illegal operators can scale at all. Should this trend continue, then payment disruption might have more tangible effects than domain-level actions or public warnings, as it strikes at a more core part of the business model.
