Major banks in Singapore will begin phasing out the use of one-time passwords (OTP) for bank account logins by customers who are digital token users.
These banks include DBS, OCBC and UOB.
The move, which will be implemented within the next three months, will protect bank users against phishing scams, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) said in a press release on Tuesday (July 9).
Bank customers who are using physical tokens will not be affected.
Customers who have activated their digital token on their mobile device will have to use them for bank account logins via the browser or the mobile banking app, MAS and ABS said.
The digital token will authenticate customers' login without the need for an OTP, which scammers can steal or trick them into disclosing, they added.
"Customers who have not activated their digital tokens are strongly encouraged to do so, to lower the risk of having their credentials phished," MAS and ABS said.
$14.2m lost to phishing scams last year
Introduced in the 2000s, OTPs were seen as a multi-factor authentication option to strengthen online security.
But technological developments and more sophisticated social engineering tactics have since enabled scammers to phish for customers' OTP, MAS and ABS said.
Phishing scams were among the top five ruses in Singapore last year with at least $14.2 million lost, according to data released by the Singapore Police Force earlier this year.
"This latest measure will strengthen the authentication process, making it harder for scammers to fraudulently access a customer's account and funds without the customer's explicit authorisation using his mobile device," they added.
Director of ABS Ong-Ang Ai Boon said that while this measure may give rise to some inconvenience, it is necessary to help prevent scams and protect customers.
"MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams," Loo Siew Yee, MAS's assistant managing director (policy, payments and financial crime), added.
"This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials."
ALSO READ: 'Banks do not send SMS with links': $446k already lost to scams in 2024
chingshijie@asiaone.com