Main retail banks in Singapore will quickly section out one-time passwords (OTPs) for checking account logins, a transfer orchestrated by the Financial Authority of Singapore (MAS) and The Affiliation of Banks in Singapore (ABS).
This choice goals to fortify the defence in opposition to phishing scams, a persistent menace within the digital banking panorama.
Launched within the 2000s as a multi-factor authentication methodology, OTPs are dynamically generated passwords used for a single login session or transaction, sometimes despatched through SMS, electronic mail, or a cellular app, designed to reinforce safety by offering an extra layer of authentication past static passwords.
Regardless of their advantages in decreasing unauthorised entry, OTPs have turn out to be more and more weak to classy phishing strategies, the place scammers create faux web sites to trick customers into revealing their OTPs.
Phishing scams have been among the many high 5 rip-off varieties final yr, with not less than $14.2million misplaced to those scams, in accordance with Singapore Police Power Annual Scams and Cybercrime Transient 2023.
Shift to tokens
Clients will now want to make use of their digital tokens, activated on their cellular gadgets, for logging into their financial institution accounts by a browser or cellular banking app. The digital token will authenticate clients’ login with out the necessity for an OTP that scammers can steal, or trick clients into disclosing.
This strategy goals to strengthen the authentication course of, making it tougher for scammers to fraudulently entry a buyer’s account and funds with out the shopper’s specific authorisation utilizing their cellular machine.
“This measure gives clients with additional safety in opposition to unauthorised entry to their financial institution accounts,” stated Ong-Ang Ai Boon, director, ABS. “Whereas they could give rise to some inconvenience, such measures are vital to assist stop scams and defend clients.”
Lavatory Siew Yee, assistant managing director (coverage, funds and monetary crime), at MAS, additionally commented: “MAS continues to work intently with banks to guard customers by leaning onerous in opposition to digital banking scams. This newest measure will complement good cyber hygiene practices that clients should proceed to practise, resembling safeguarding their banking credentials.”
