Major retail banks in Singapore will progressively phase out One-Time Passwords (OTPs) for digital token users over the next three months.
Announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS), this move aims to better protect customers from phishing scams.
Phishing scams were among the top five scam types last year, with at least S$14.2 million lost to these scams, according to the Singapore Police Force Annual Scams and Cybercrime Brief 2023.
Customers with activated digital tokens on their mobile devices will need to use these tokens for logging into their bank accounts via browser or mobile app.
The digital token will authenticate logins without requiring an OTP, which can be stolen or tricked from customers by scammers.
Those who have not yet activated their digital tokens are encouraged to do so to reduce the risk of credential phishing.
OTPs were introduced in the 2000s as a multi-factor authentication method to enhance online security.
However, advancements in technology and sophisticated social engineering tactics have made it easier for scammers to phish for OTPs, such as by setting up fake bank websites.
The new measure aims to strengthen the authentication process, making it more difficult for scammers to access accounts without explicit authorisation via a mobile device.
Phishing scams remain a significant concern in Singapore, with banks, MAS, and the Singapore Police Force continuously working together to develop and implement measures to combat the evolving scam landscape.
Ong-Ang Ai Boon, Director, ABS, said,
“This measure provides customers with further protection against unauthorised access to their bank accounts.
While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”
Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime), MAS, said,
“MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams.
This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.”
Featured image credit: Edited from Freepik
