Banks in Singapore are to phase out the use of phishing-prone One-Time Passwords (OTP) in favour of digital tokens for bank account login.
The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security. However, technological developments and more sophisticated social engineering tactics have since enabled scammers to more easily phish for customers’ OTP, for example through setting up fake bank websites that closely resemble the genuine websites.
The switch to a digital token based system for mobile and web account login will be phased in progressively over the next three months.
Ong-Ang Ai Boon, director, Assocciation od Banks in Sinpapore, says: “This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”
Phishing scams were among the top five scam types last year according to the Singapore Police Force Annual Scams and Cybercrime Brief 2023, with at least $14.2 million stolen from customer accounts.
Loo Siew Yee, assistant managing director (Policy, Payments & Financial Crime), at the Monetary Authority of Singapore, comments: “MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams. This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.”