The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) announced a significant shift in security protocols for major retail banks.
Over the next three months, banks will gradually discontinue using One-Time Passwords (OTPs) for customers who use digital tokens, a move intended to bolster protection against phishing attacks.
Customers who have activated digital tokens on their mobile devices will now authenticate their logins through the token directly, either via web browsers or mobile banking apps.
This measure eliminates the need for OTPs, which are vulnerable to interception by scammers through sophisticated phishing techniques.
The initiative is a response to evolving security challenges. Initially introduced in the early 2000s, OTPs were a robust multi-factor authentication method.
However, advances in technology and social engineering tactics have made OTPs increasingly susceptible to fraud.
Scammers often create fake banking websites that mimic legitimate ones to capture OTPs unwittingly provided by customers.
This updated authentication approach is designed to make unauthorized account access considerably more difficult, requiring explicit authorization from the customer’s mobile device.
Phishing scams continue to pose significant risks in Singapore, prompting continuous collaborative efforts between banks, MAS, and the Singapore Police Force.
These partnerships focus on developing and implementing robust solutions to strengthen defenses against an ever-evolving landscape of financial scams.
Ong-Ang Ai Boon, Director of ABS, emphasized the balance between security and convenience. She said:
This measure provides customers with further protection against unauthorized access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.
Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime) at MAS, highlighted the broader strategy.
“MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams. This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials,” she added.
The phased discontinuation of OTPs is part of a larger strategy to enhance digital banking security and ensure safer financial transactions for consumers in Singapore.