Singapore’s central banks, including DBS, OCBC, and UOB, are set to phase out one-time passwords (OTP) for customers using digital tokens within the next three months.
This initiative aims to enhance security and protect users from phishing scams, as announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on Tuesday.
Customers who have activated digital tokens on their mobile devices will no longer require OTPs to log into their bank accounts via browsers or mobile banking apps. This change is intended to mitigate risks associated with OTP theft or deception by scammers.
MAS and ABS emphasized the importance of activating digital tokens to reduce the vulnerability of credentials being phished. They highlighted that last year alone, Singapore saw losses amounting to $14.2 million due to phishing scams, which remain a significant cyber threat despite the introduction of OTPs in the 2000s for added security.
While acknowledging that this adjustment may cause some inconvenience, ABS Director Ong-Ang Ai Boon underscored its necessity in preventing scams and safeguarding customers’ interests. MAS’s Assistant Managing Director, Loo Siew Yee, affirmed the commitment to combating digital banking scams through collaborative efforts with financial institutions.
The move reflects ongoing efforts to fortify authentication processes. It underscores the importance of maintaining good cyber hygiene practices among banking customers.