The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) have announced that the country’s major retail banks will soon phase out the use of One-Time Passwords (OTPs) in favour of digital tokens.
In a statement, they said that for customers who are digital token users the phase out will take place gradually over the next three months. By removing the need to use OTPs for bank account login they are aiming to better protect customers against phishing attacks.
Customers who have activated their digital token on their mobile device will have to use their digital tokens for bank account logins via the browser or the mobile banking app. The digital token then authenticates customers’ login without the need for an OTP removing the danger of scammers steal the code or trick customers into disclosing.
The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security technological developments since then thave since enabled scammers to more easily phish for customers’ OTP, for example through setting up fake bank websites that closely resemble a genuine website.
Mrs Ong-Ang Ai Boon, Director, ABS, said, “This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”
Ms Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime), MAS, added, “This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.”
Furthermore, MAS and ABS have strongly encouraged customers who have not activated their digital tokens to do so, to lower the risk of having their credentials phished.
