Resilience against phishing scams: Banks in Singapore are to phase out the use of One-Time Passwords for bank account login in favour of digital tokens, within the next three months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) announced that major retail banks in Singapore will progressively phase out the use of One-Time Passwords (OTPs) for bank account login by customers who are digital token users within the next three months. „This will better protect them against phishing.” – MAS said in a press release.

Customers who have activated their digital token on their mobile device will have to use their digital tokensfor bank account logins via the browser or the mobile banking app. The digital token will authenticate customers’ login without the need for an OTP that scammers can steal, or trick customers into disclosing. Customers who have not activated their digital tokens are strongly encouraged to do so, to lower the risk of having their credentials phished.

The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security. However, technological developments and more sophisticated social engineering tactics have since enabled scammers to more easily phish for customers’ OTP, for example through setting up fake bank websites that closely resemble the genuine websites. This latest measure will strengthen the authentication process, making it harder for scammers to fraudulently access a customer’s account and funds without the customer’s explicit authorisation using his mobile device.

Phishing scams remain a concern in Singapore1), and banks continue to work closely with MAS and the Singapore Police Force to develop and introduce solutions and measures to strengthen our collective resistance in the ever-evolving scam landscape.

Mrs Ong-Ang Ai Boon, Director, ABS, said: “This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”

Ms Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime), MAS, said: “MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams. This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.”

__________

1) Phishing scams were among the top five scam types last year, with at least $14.2 million lost to these scams – Singapore Police Force Annual Scams and Cybercrime Brief 2023.