SINGAPORE: Major banks in Singapore will phase out the use of One-Time Passwords (OTPs) for bank account logins by customers who are digital token users.
This will be implemented progressively over the next three months and is aimed at better protecting customers against phishing scams, said the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on Tuesday (Jul 9).
The move will not affect customers using physical tokens. Major banks include the three Singapore banks – DBS, OCBC and UOB.
"The digital token will authenticate customers’ login without the need for an OTP that scammers can steal, or trick customers into disclosing," they said.
"Customers who have not activated their digital tokens are strongly encouraged to do so, to lower the risk of having their credentials phished."
The use of OTPs was introduced in the 2000s as a multi-factor authentication option to strengthen online security.
"However, technological developments and more sophisticated social engineering tactics have since enabled scammers to more easily phish for customers’ OTP, for example through setting up fake bank websites that closely resemble the genuine websites,” MAS and ABS said.
"This latest measure will strengthen the authentication process, making it harder for scammers to fraudulently access a customer's account and funds without the customer’s explicit authorisation using his mobile device."
They said that phishing scams remain a concern in Singapore. According to police statistics, at least S$14.2 million (US$10.5 million) was lost to such scams last year.
Ms Loo Siew Yee, assistant managing director for policy, payments and financial crime at MAS, said: “MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams.
"This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials."
ABS director Ong-Ang Ai Boon added: "This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers."
Continue reading...
This will be implemented progressively over the next three months and is aimed at better protecting customers against phishing scams, said the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on Tuesday (Jul 9).
The move will not affect customers using physical tokens. Major banks include the three Singapore banks – DBS, OCBC and UOB.
"The digital token will authenticate customers’ login without the need for an OTP that scammers can steal, or trick customers into disclosing," they said.
"Customers who have not activated their digital tokens are strongly encouraged to do so, to lower the risk of having their credentials phished."
The use of OTPs was introduced in the 2000s as a multi-factor authentication option to strengthen online security.
"However, technological developments and more sophisticated social engineering tactics have since enabled scammers to more easily phish for customers’ OTP, for example through setting up fake bank websites that closely resemble the genuine websites,” MAS and ABS said.
"This latest measure will strengthen the authentication process, making it harder for scammers to fraudulently access a customer's account and funds without the customer’s explicit authorisation using his mobile device."
They said that phishing scams remain a concern in Singapore. According to police statistics, at least S$14.2 million (US$10.5 million) was lost to such scams last year.
Ms Loo Siew Yee, assistant managing director for policy, payments and financial crime at MAS, said: “MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams.
"This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials."
ABS director Ong-Ang Ai Boon added: "This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers."
Continue reading...