Singaporean banks to strengthen resilience against phishing scams

Photo: Getty Images

A digital token will strengthen online security for customers.

Major retail banks in Singapore will start to phase out the use of One-Time Passwords (OTPs) for customers who are digital token users, the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) have announced.

The aim is to better protect customers from phishing scams, which, according to the Singapore Police Force Annual Scams and Cybercrime Brief 2023, was among the top five types scams last year, and resulted in at least $14.2m in losses.

The OTP will be eliminated over the next three months, and customers who have activated the digital token on their mobile phone will now instead have to use their digital tokens for bank account logins via the browser or the mobile banking app. That means that the digital token will authenticate customers’ login without the need for the OTP, and minimise the risk of scammers stealing, or tricking customers into disclosing their OTP.

“This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers,” said Mrs Ong-Ang Ai Boon, Director, ABS.

Digital token

The use of OTPs started in the 2000s as a multi-factor authentication option to strengthen online security. Yet, today’s technological developments have made it easier for fraudsters to get hold of users OTPs via more sophisticated social engineering such as setting up fake websites impersonating real ones, or in phishing attacks.

MAS says that the digital token will enhance the authentication process, and therefore make it tougher for scammers to access customer’s accounts and funds without the customer’s explicit authorization using a mobile device.

“While [the tokens] may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”
Mrs Ong-Ang Ai Boon, Director, ABS.

Customers who have yet not activated their digital tokens are also strongly encouraged to do so in order to decrease the risk of having their credentials stolen in phishing attacks.

Ms Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime), MAS, added: “This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.”

Topics

Latest News

Upskilling compliance, trust in AI and enforcement discussed at roundtable

SEC charges Richmond Federal Reserve supervisor with insider trading

Gap between statements and actions on corruption leaves questions after G20 summit

Topics

Latest News

McHenry tells regulators era of post-financial crisis regulation is over

New rules outline CFIUS’s heightened enforcement powers

ECB unsure about publishing details of research into capital requirements for EU lenders

Topics

Latest News

FSB report highlights need to minimise AI risk to financial stability

Crypto wrap: Bitcoin value surges, jail for former binance boss, and more

Boston Consulting report pinpoints businesses adding value with AI

Topics

Latest News

XLOD London 2024: Addressing the proliferation of trade venues

GRIP Extra: Cash app Dave in regulatory cross-hairs, Shell wins appeal

XLOD London 2024: Evaluating the transformative role of AI in surveillance programs