Major retail banks in Singapore will soon phase out one-time passwords (OTPs) for bank account logins, a move orchestrated by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS).
This decision aims to fortify the defence against phishing scams, a persistent threat in the digital banking landscape.
Introduced in the 2000s as a multi-factor authentication method, OTPs are dynamically generated passwords used for a single login session or transaction, typically sent via SMS, email, or a mobile app, designed to enhance security by providing an additional layer of authentication beyond static passwords.
Despite their benefits in reducing unauthorised access, OTPs have become increasingly vulnerable to sophisticated phishing techniques, where scammers create fake websites to trick users into revealing their OTPs.
Phishing scams were among the top five scam types last year, with at least $14.2million lost to these scams, according to Singapore Police Force Annual Scams and Cybercrime Brief 2023.
Shift to tokens
Customers will now need to use their digital tokens, activated on their mobile devices, for logging into their bank accounts through a browser or mobile banking app. The digital token will authenticate customers’ login without the need for an OTP that scammers can steal, or trick customers into disclosing.
This approach aims to strengthen the authentication process, making it harder for scammers to fraudulently access a customer’s account and funds without the customer’s explicit authorisation using their mobile device.
“This measure provides customers with further protection against unauthorised access to their bank accounts,” said Ong-Ang Ai Boon, director, ABS. “While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”
Loo Siew Yee, assistant managing director (policy, payments and financial crime), at MAS, also commented: “MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams. This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.”
The post Singapore Banks to Phase Out OTPs to Combat Phishing Scams appeared first on The Fintech Times.