The Third Party Security Requirements

For Tier 1

The Tier 1 designation is applied to an External Party if any of the following parameters is present in the engagement:

  • Data Sensitivity: Involves Restricted Data, Know-Your-Customer (KYC), Know-Your-Merchant (KYM), Credit Card data, or source code.
  • Network Connectivity: Requires significant access, such as VPN, Site-to-Site, or Client-to-Host connections.
  • System Integration: The External Party will provide a Software Development Kit (SDK), Android Package Kit (APK), Webhooks, or iOS App Store Package (IPA), or the External Party utilizes image-based integration.
  • Operational Dependency: The External Party is tagged as “Premium” in the Partner Reliability Program.
  • Access Control: Requires Privileged Access or Administrative Access.

For Tier 2

An External Party shall be designated as Tier 2 if, and only if, the External Party does not meet any of the criteria for Tier 1 classification and any of the following parameters is present:

  • Data Sensitivity: Involves Confidential Data.
  • Network Connectivity: Utilizes a restricted network model like Zero Trust Network Access (ZTNA).
  • System Integration: Integration is handled via standard secure protocols like Application Programming Interface (API), Secure File Transfer Protocol (SFTP), or Managed File Transfer (MFT).
  • Operational Dependency: The External Party is tagged as “Select” in the Partner Reliability Program.
  • Access Control: Requires Non-privileged Access.

For Tier 3

An External Party shall be designated as Tier 3 if, and only if, the External Party does not meet any of the criteria for Tier 1 classification and does not meet any of the criteria for Tier 2 classification, and any of the following Tier 3 parameters is present:

  • Data Sensitivity: Involves only Internal Data.
  • Network Connectivity: Access is highly restricted, limited to a Sandbox only or a Web Portal only.
  • System Integration: The External Party consumes the Company Application Programming Interface (API) (one way only) and has no access to any Company data via the API call.
  • Operational Dependency: The External Party is tagged as “Standard” in the Partner Reliability Program.
  • Access Control: Requires Non-privileged Access. Access is provided via a Portal or front-end Web access only.

For Tier 4

An External Party shall be designated as Tier 4 if, and only if, the External Party fails to meet any of the criteria for Tier 1, Tier 2, and Tier 3 classifications.

The External Party's engagement is strictly limited to one-way informational services, passive physical support, or non-interactive functions.

Tier 4 External Parties do not require access to any Company data, network connectivity, system integration, or logical access to any Company tools, systems, or applications.

The Anti Fraud and Illegal Activity
Terms and Conditions

These terms and conditions apply to all External Parties engaged by the Company