Singapore’s banking system is getting a security upgrade. The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) announced a collaboration to phase out One-Time Passwords (OTPs) for digital token users. This move aims to significantly reduce the risk of phishing scams that target online bank accounts.
Over the next three months, major retail banks in Singapore will progressively transition digital token users away from OTPs for logins. These digital tokens, activated on mobile devices, will become the primary authentication method for both browser and mobile banking app access. This eliminates the need for OTPs, which are vulnerable to phishing attacks where scammers steal or trick users into revealing them.
While OTPs served as a robust security measure in the 2000s, advancements in technology and social engineering tactics have made them less secure. Phishing scams now employ sophisticated techniques, including creating fake bank websites that closely mimic the real ones, to steal OTPs from unsuspecting users. Digital tokens, however, offer a more secure solution by requiring user authorization directly on their mobile device. This significantly reduces the risk of unauthorized access even if a scammer manages to steal login credentials.
Phishing scams remain a major concern in Singapore, ranking among the top five scam types in 2023 and resulting in losses exceeding $14.2 million according to the Singapore Police Force Annual Scams and Cybercrime Brief. This initiative by MAS and ABS reflects their ongoing commitment to fortifying Singapore’s financial system against evolving cyber threats.
While the transition to digital tokens may cause some initial inconvenience, both MAS and ABS emphasize the importance of prioritizing security. Mrs Ong-Ang Ai Boon, Director of ABS, highlighted that this measure “provides customers with further protection against unauthorized access,” even if it comes with a slight adjustment to user experience. Ms Loo Siew Yee, Assistant Managing Director at MAS, reiterated the need for continued vigilance. “This latest measure complements good cyber hygiene practices that customers must continue to practice,” she stated.