BalikbayanHub
Balikbayan Box What you can and can’t pack Sending Money Posted fees Gifts & Pasalubong What actually survives the box OFW Money & Docs Budget frameworks for splitting one paycheck three ways ArticlesPlain-language explainers ToolsIn-browser self-checks SearchFind a rate, rule or checklist

Security tool · Information, not advice

The lock-down check

Money sent home moves through an e-wallet, a bank app, and the email that can reset both. This walks the protection layers GCash, your bank, Google, Microsoft and BSP publish on their own pages — eleven yes/no checks, a score, and a plain list of what each source says about the gaps. It runs in your browser; nothing you tap is sent or stored.

Self-check · 11 questions

Where your accounts stand

Eleven yes/no checks on the security layers that GCash, your bank, Google, Microsoft and BSP describe in their own pages. You get a score and a plain list of what each source says about the gaps. This is sourced information, not advice — and no setup makes any account fully secure.

Runs entirely in your browser. Nothing is sent, stored, or seen by anyone.

The interactive scorer needs JavaScript. Below is the full sourced check as a static list.

1 Do your money accounts (e-wallet, bank) use an email address you keep separate from your everyday email?

Google’s account-security guidance describes a compromised email as the route attackers use to reset other accounts; a mailbox used only for finance reduces what one leaked everyday inbox exposes. Google Account Help — 2-Step Verification

2 Are you certain you have never shared your GCash MPIN or an OTP with anyone — including someone claiming to be GCash “support”?

GCash’s Help Center states GCash will never ask for your MPIN or OTP and never sends account links by SMS or email; anyone who does is not GCash. Confirm with GCash Help Center — How can I protect my GCash account?

3 On GCash, is face authentication (DoubleSafe) active and is your account tied to a single registered device?

GCash describes DoubleSafe as a face-authentication layer that blocks access from a new device even if the MPIN and OTP are known, with one device registered to an account at a time. Confirm with GCash Help Center — What is GCash DoubleSafe?

4 On every e-wallet and bank app you use (e.g. Maya, BPI, BDO), is the app’s own two-factor / device-approval feature switched on?

Maya documents a two-factor setting that sends an SMS passcode on every login; BPI documents Mobile Key device approval; BDO documents multi-factor authentication for its mobile app. Confirm with Maya Help — Set up Two-factor Authentication (2FA)

5 Is 2-Step Verification (Google) or two-step verification (Microsoft) turned on for your primary email?

Google and Microsoft both document a second verification step at sign-in so a known password alone cannot open the account. Google Account Help — Turn on 2-Step Verification

6 Have you set recovery options (recovery phone/email, or saved backup codes) on your primary email?

Google and Microsoft document recovery contact info and backup codes as the way to regain an account if a device or password is lost — and to be notified of recovery attempts. Google Account Help — App passwords & recovery

7 Does each money account have its own password that is used nowhere else (kept in a password manager, not reused)?

Reusing one password means a leak on any one site exposes the rest; reputable security guidance describes unique passwords plus a password manager as the standard mitigation. CISA — Use Strong Passwords / Recognize and Report Phishing

8 Have you recently reviewed the list of devices/sessions signed in to your email and e-wallet, and removed any you do not recognise?

Google documents a “devices” / recent-security-activity view for spotting and signing out unrecognised sessions; e-wallets similarly list active device(s). Google Account Help — 2-Step Verification (devices & activity)

9 Is the phone that holds your e-wallet and email locked with a PIN, pattern, or biometric — not left unlocked?

A device passcode is the baseline barrier between a lost or borrowed phone and the apps holding your money and OTPs; it is the first control in provider and CISA device-security guidance. CISA — Secure Our World (device basics)

10 Is your money kept across more than one place, rather than your full balance sitting in a single wallet you use daily?

BSP’s consumer-protection “Check, Protect, Report” messaging frames limiting exposure and reporting fast; a single daily-use wallet holding everything is the largest single point of loss if it is compromised. PIA / BSP — “Check, Protect, Report”

11 Is the SIM that receives your banking OTPs registered (RA 11934), and are you aware OTP-by-SMS can be defeated by SIM-swap?

The SIM Registration Act (RA 11934) ties SIMs to identities as a deterrence measure; it does not by itself stop SIM-swap, where a number is moved to an attacker’s SIM to intercept OTPs — which is why app-based factors above matter. Confirm with NTC — FAQs on the SIM Registration Act (RA 11934)

0 / 100

A score is a snapshot of the layers these sources describe — it is not a guarantee. No configuration makes any account 100% secure.

Documented layers not yet in place

Marked already set

  • None marked set yet.

Sources — checked, dated

  1. Google Account Help — 2-Step Verification (devices & activity) — checked
  2. Google Account Help — App passwords & recovery — checked
  3. CISA — Secure Our World (device basics) — checked
  4. PIA / BSP — “Check, Protect, Report” — checked

Check these on the official page

Security settings change, and only the provider can show what’s true for your account today. For anything marked “Confirm with …”, open its official page below and check the current setting yourself — especially if it looks different from what’s described here.

  1. GCash Help Center — How can I protect my GCash account?
  2. GCash Help Center — What is GCash DoubleSafe?
  3. Maya Help — Set up Two-factor Authentication (2FA)
  4. NTC — FAQs on the SIM Registration Act (RA 11934)

Sources checked

Sourced & dated information — not financial or immigration advice. Our sources & ranking policy.

All tools