Banks in Singapore will phase out the use of phishing-prone one-time passwords (OTP) to log into bank accounts in favor of digital tokens.
The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security. However, technological developments and more sophisticated social engineering tactics have now enabled fraudsters to more easily obtain customers’ OTP, for example by setting up fake banking websites that closely resemble the real ones.
The move to a digital token-based system for mobile and web account logins will occur gradually over the next three months.
Ong-Ang Ai Boon, director of the Association of Banks in Sinpapore, said: “This measure provides customers with further protection against unauthorized access to their bank accounts. Although they may cause some inconvenience, such measures are necessary to prevent fraud and protect customers.”
According to the Singapore Police Force Annual Scams and Cybercrime Brief 2023, phishing scams were among the top five fraud types last year, with at least $14.2 million stolen from customer accounts.
Loo Siew Yee, Deputy Managing Director (Policy, Payments & Financial Crime) at the Monetary Authority of Singapore, said: “MAS continues to work closely with banks to protect consumers by taking a strong stance against digital banking fraud. This latest measure will complement good cyber hygiene practices that customers must continue to practice, such as protecting their banking information.”