Banks in Singapore are set to gradually eliminate the use of phishing-prone One-Time Passwords (OTP) in favor of digital tokens for bank account logins.
The introduction of OTPs in the early 2000s aimed to enhance online security through multi-factor authentication. However, advances in technology and increasingly sophisticated social engineering tactics have made it easier for scammers to phish for these OTPs, often by creating fake bank websites that closely mimic legitimate ones.
The transition to a digital token system for mobile and web account access will be implemented progressively over the next three months.
Ong-Ang Ai Boon, director of the Association of Banks in Singapore, stated, “This measure provides customers with further protection against unauthorized access to their bank accounts. While it may cause some inconvenience, such measures are necessary to help prevent scams and ensure the safety of customers.”
According to the Singapore Police Force’s Annual Scams and Cybercrime Brief 2023, phishing scams were among the top five types of fraud last year, with over $14.2 million stolen from customer accounts.
Loo Siew Yee, assistant managing director (Policy, Payments & Financial Crime) at the Monetary Authority of Singapore, remarked, “MAS continues to collaborate closely with banks to safeguard consumers by taking a strong stance against digital banking scams. This latest measure will complement the essential cyber hygiene practices that customers must continue to uphold, such as protecting their banking credentials.”