Customers will have to use their tokens for bank account logins either via the browser or the mobile banking app
MAJOR retail banks in Singapore will begin phasing out the use of one-time passwords (OTPs) for account login by digital token users within the next three months.
Customers with activated digital tokens on their mobile devices will have to use the tokens for bank account logins either via the browser or the mobile banking app.
The digital token will authenticate customers’ logins without the need for an OTP that scammers can steal or trick customers into disclosing, said the Monetary Authority of Singapore (MAS) and The Association of Banks (ABS) in Singapore on Tuesday (Jul 9).
Those who have not activated their digital tokens are also “strongly encouraged” to do so, as it would lower the risk of having their credentials stolen, said the pair.
The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security.
But technological developments and more sophisticated social engineering tactics have enabled scammers to more easily phish for customers’ OTPs, said MAS and ABS.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
Phishing scams were among the top five ruses Singaporeans fell prey to in 2023, with at least S$14.2 million lost, according to data released by the Singapore Police Force earlier this year.
Hence, the newest measure will make it harder for scammers to access a customer’s accounts and funds without the customer’s explicit authorisation through his mobile device, said both companies.
Ong-Ang Ai Boon, director of ABS, said: “This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconveniences, such measures are necessary to help prevent scams and protect customers.”
