9-7-2024 (SINGAPORE) In a significant move to bolster cybersecurity and combat phishing scams, Singapore’s financial sector is set to implement sweeping changes to online banking authentication methods. The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) jointly announced on July 9 that customers using digital tokens will soon be unable to utilise one-time passwords (OTPs) for logging into their bank accounts.
This decisive action comes as part of a broader initiative to enhance customer protection against increasingly sophisticated phishing attempts. Major retail banks in the city-state, including local giants DBS Bank, OCBC Bank, and UOB, are expected to phase out OTP usage for account login among digital token users within the next quarter.
It’s important to note that this change will not affect customers who rely on physical tokens. The new measure specifically targets users of digital tokens, who will now be required to authenticate their logins via their mobile devices when accessing accounts through internet browsers or mobile banking applications.
Mrs. Ong-Ang Ai Boon, Director of ABS, acknowledged the potential inconvenience but emphasised the necessity of such measures. “While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers,” she stated.
The shift away from OTPs for digital token users is rooted in the evolving landscape of cyber threats. Despite being introduced in the 2000s as a multi-factor authentication method to enhance online security, OTPs have become vulnerable to modern scamming techniques. Technological advancements and sophisticated social engineering tactics, such as the creation of convincing fake bank websites, have made it increasingly easy for scammers to intercept or manipulate OTPs.
MAS and ABS highlighted that the new authentication process will make it substantially more challenging for fraudsters to gain unauthorised access to customer accounts and funds. The digital token system, integrated into mobile banking apps, often employs biometric or facial recognition technology to verify logins and transactions, providing an additional layer of security.
Loo Siew Yee, Assistant Managing Director for Policy, Payments and Financial Crime at MAS, underscored the authority’s commitment to consumer protection. “MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams,” she said. “This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.”
The urgency of this security overhaul is underscored by recent crime statistics. Phishing scams ranked among the top five scam types in Singapore in 2023, with victims suffering losses of at least S$14.2 million, according to annual police figures.
