/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

Banks in Singapore to phase out One-Time Passwords

Banks in Singapore are to phase out the use of phishing-prone One-Time Passwords (OTP) in favour of digital tokens for bank account login.

  9 3 comments

Banks in Singapore to phase out One-Time Passwords

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security. However, technological developments and more sophisticated social engineering tactics have since enabled scammers to more easily phish for customers’ OTP, for example through setting up fake bank websites that closely resemble the genuine websites.

The switch to a digital token based system for mobile and web account login will be phased in progressively over the next three months.

Ong-Ang Ai Boon, director, Assocciation od Banks in Sinpapore, says: “This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”

Phishing scams were among the top five scam types last year according to the Singapore Police Force Annual Scams and Cybercrime Brief 2023, with at least $14.2 million stolen from customer accounts.

Loo Siew Yee, assistant managing director (Policy, Payments & Financial Crime), at the Monetary Authority of Singapore, comments: “MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams. This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.”

Sponsored [Upcoming Webinar] Next Gen Payment Processing: How banks can embrace the future

Comments: (3)

A Finextra member 

$14.2M seems very small for an economy like Singapore - this is an anecdotal view - does anyone else have any comparable economies by fraud stats? 

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

My first experience of Online Banking in Germany, Switzerland, and India in ca. 2000 involved hardware tokens. Then they all switched to OTP in ca. 2010. Now, 25 years later, they're going back to hardware tokens. 

Reminds me of what Jean-Baptiste Alphonse Karr wrote, “plus ça change, plus c'est la même chose” or “the more things change, the more they stay the same.”

A Finextra member 

The hardware is something we all have and own now.... If you dont have a smartphone then the bank probably doesnt want you as a customer.... thats what Post offices are for.  Biometrics work well these days! 

[On-Demand Webinar] PREDICT 2025: The Future of AI in the USFinextra Promoted[On-Demand Webinar] PREDICT 2025: The Future of AI in the US