Banks in Singapore to Strengthen Resilience Against Phishing Scams
Singapore, 9 July 2024… The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) today announced that major retail banks in Singapore will progressively phase out the use of One-Time Passwords (OTPs) for bank account login by customers who are digital token users within the next three months. This will better protect them against phishing.
2 Customers who have activated their digital token on their mobile device will have to use their digital tokens for bank account logins via the browser or the mobile banking app. The digital token will authenticate customers’ login without the need for an OTP that scammers can steal, or trick customers into disclosing. Customers who have not activated their digital tokens are strongly encouraged to do so, to lower the risk of having their credentials phished.
3 The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security. However, technological developments and more sophisticated social engineering tactics have since enabled scammers to more easily phish for customers’ OTP, for example through setting up fake bank websites that closely resemble the genuine websites. This latest measure will strengthen the authentication process, making it harder for scammers to fraudulently access a customer's account and funds without the customer’s explicit authorisation using his mobile device.
4 Phishing scams remain a concern in Singapore
5 Mrs Ong-Ang Ai Boon, Director, ABS, said, “This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”
6 Ms Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime), MAS, said, “MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams. This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials.”
***
Related News
-
Media ReleasesPublished Date: 01 November 2023
MAS Imposes Six-Month Pause on DBS Bank’s Non-Essential Activities as Bank Restores System Resilience
MAS has imposed a six-month pause on DBS Bank Ltd’s non-essential IT changes to ensure that the bank keeps sharp focus on restoring the resiliency resilience of its digital banking services.
-
Media ReleasesPublished Date: 20 March 2023
Credit Suisse Continues Operating Without Interruption in Singapore
MAS' statement on Credit Suisse's operations in Singapore after the announced takeover by UBS Group AG.
-
Media ReleasesPublished Date: 16 March 2023
MAS' Response to Queries on Credit Suisse
MAS' response to queries on Credit Suisse