banking has become a mainstream electronic delivery
channel for a large number of banks. Bank customers
regularly log into banks’ websites to conduct
a wide range of both personal and business banking
In recent years, there has been a marked rise
in the sophistication and rate of online phishing
scams and other targeted attacks on internet
banking. Given the rapid increase in the capture
or misappropriation of customer PINs by hackers
and cyber criminals globally, there are growing
doubts about the continuing reliance on single-factor
PINs for internet access to customer accounts
and financial transactions.
Since 2003, MAS has encouraged banks to adopt
two-factor authentication for internet banking.
On 25 November 2005 through a security advisory
issued to banks, we set out our expectation that
two-factor authentication at login for all types
of internet banking systems should be implemented
by 31 December 2006. Financial regulators in
other countries have also issued similar guidelines
on two-factor authentication.