The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) have announced that major retail banks in Singapore will progressively reduce the use of One-Time Passwords (OTPs) for bank account login by customers who are digital token users by September 2024. This move aims to better protect them against phishing.
Customers who have activated their digital token on their mobile device will have to use their digital tokens for bank account logins via the browser or the mobile banking app. The digital token will authenticate customers’ login without the need for an OTP that scammers can steal, or trick customers into disclosing. Customers who have not activated their digital tokens are strongly encouraged to do so, to lower the risk of having their credentials phished.
OTPs were introduced in the 2000s as a multi-factor authentication option to strengthen online security. However, technological developments and improved social engineering tactics have since enabled scammers to more easily phish for customers’ OTP, for example through setting up fake bank websites that closely resemble the genuine websites. This measure will strengthen the authentication process, further preventing scammers from accessing a customer’s account and funds without its explicit authorisation using his mobile device.
Phishing scams remain a concern in Singapore. This type of fraud was among the top five scam types in 2023, with at least USD 14.2 million lost, according to the Singapore Police Force Annual Scams and Cybercrime Brief 2023. Banks continue to work closely with MAS and the Singapore Police Force to develop and introduce solutions and measures to strengthen the collective resistance in the ever-evolving scam landscape.
Speaking on this initiative, officials from ABS said this measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.
Also commenting on this development, representatives from MAS said they continue to work closely with banks to protect consumers by leaning hard against digital banking scams. This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now