News and resources on cyber and physical threats to banks and fintechs worldwide.
Banks in Singapore to phase out One-Time Passwords

Banks in Singapore to phase out One-Time Passwords

Banks in Singapore are to phase out the use of phishing-prone One-Time Passwords (OTP) in favour of digital tokens for bank account login.

The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security. However, technological developments and more sophisticated social engineering tactics have since enabled scammers to more easily phish for customers’ OTP, for example through setting up fake bank websites that closely resemble the genuine websites.

The switch to a digital token based system for mobile and web account login will be phased in progressively over the next three months.

Ong-Ang Ai Boon, director, Assocciation od Banks in Sinpapore, says: “This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”

Phishing scams were among the top five scam types last year according to the Singapore Police Force Annual Scams and Cybercrime Brief 2023, with at least $14.2 million stolen from customer accounts.

Loo Siew Yee, assistant managing director (Policy, Payments & Financial Crime), at the Monetary Authority of Singapore, comments: “MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams. This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.”

Comments: (3)

A Finextra member
A Finextra member 10 July, 2024, 09:05Be the first to give this comment the thumbs up 0 likes

$14.2M seems very small for an economy like Singapore - this is an anecdotal view - does anyone else have any comparable economies by fraud stats? 

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 11 July, 2024, 15:50Be the first to give this comment the thumbs up 0 likes

My first experience of Online Banking in Germany, Switzerland, and India in ca. 2000 involved hardware tokens. Then they all switched to OTP in ca. 2010. Now, 25 years later, they're going back to hardware tokens. 

Reminds me of what Jean-Baptiste Alphonse Karr wrote, “plus ça change, plus c'est la même chose” or “the more things change, the more they stay the same.”

A Finextra member
A Finextra member 12 July, 2024, 16:45Be the first to give this comment the thumbs up 0 likes

The hardware is something we all have and own now.... If you dont have a smartphone then the bank probably doesnt want you as a customer.... thats what Post offices are for.  Biometrics work well these days!