SINGAPORE: Major banks in Singapore will phase out the use of one-time passwords (OTPs) for bank account logins by customers who are digital token users.

This will be implemented progressively over the next three months and is aimed at better protecting customers against phishing scams, said the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on Tuesday (Jul 9).

The move will not affect customers using physical tokens. Major banks include the three Singapore banks – DBS, OCBC and UOB.

“The digital token will authenticate customers’ login without the need for an OTP that scammers can steal or trick customers into disclosing,” they said.

Customers who have not activated their digital tokens are strongly encouraged to do so, added MAS and ABS.

According to its website, DBS stopped issuing physical tokens in February 2021. OCBC and UOB customers can still replace their physical tokens but the banks recommend customers to switch to digital tokens.

OTPs were introduced in the 2000s as a multi-factor authentication option to strengthen online security.

However, technological developments and more sophisticated social engineering tactics have enabled scammers to more easily phish customers’ OTPs. MAS and ABS cited the example of scammers setting up fake bank websites that closely resemble genuine ones.

“This latest measure will strengthen the authentication process, making it harder for scammers to fraudulently access a customer’s account and funds without the customer’s explicit authorisation using his mobile device,” they added.

According to the Singapore Police Force’s annual report on scams and cybercrime, at least S$14.2 million (US$10.5 million) was lost to phishing scams last year.

A total of 5,938 phishing scams were reported last year, down from 7,097 the year before.


Leave A Reply

© 2024 The News Singapore. All Rights Reserved.