The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) have announced that within the next three months, major retail banks in Singapore will progressively phase out the use of one-time passwords (OTPs) for bank account login by customers who are digital token users.
While OTPs were introduced in the 2000s as a multi-factor authentication option to strengthen online security, technological developments and sophisticated social engineering tactics have since enabled scammers to more easily phish for customers’ OTPs, such as through the use of bank websites that closely resemble genuine websites.
Within the next three months, customers who have activated their digital token on their mobile device will have to use their digital tokens for bank account logins via the browser or the mobile banking app.
Without the need for an OTP, this latest measure will strengthen the authentication process, making it harder for scammers to fraudulently access a customer's account and funds without the customer’s explicit authorisation using his mobile device.
Phishing scams remain a concern in Singapore, and banks continue to work closely with MAS and the Singapore Police Force to develop and introduce solutions to enhance safety in the evolving scam landscape.
Ong-Ang Ai Boon, director, ABS, says: “This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”
See also: Chinese group accused of hacking Singtel in telecom attacks (update)
Loo Siew Yee, assistant managing director, policy, payments and financial crime, MAS, concludes: “MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams. This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.”