Three main retail banks in Singapore are slated to retire using one-time passwords (OTPs) for patrons who’ve digital tokens, in a transfer that goals to fight phishing scams.
To be phased out throughout the subsequent three months, OTPs will stay obtainable to clients of the three banks — DBS, OCBC, and UOB — who nonetheless depend on bodily tokens. These customers, nonetheless, are “strongly inspired” to activate their digital tokens to higher safeguard their credentials towards phishing assaults, in line with a joint statement launched Tuesday by trade regulator Financial Authority of Singapore (MAS) and The Affiliation of Banks in Singapore (ABS).
Additionally: Banks must move past PIN, OTP to ensure mobile security
With the phasing out of OTPs, clients should use their digital tokens on their cellular gadgets for authentication after they log into their checking account or cellular banking app.
OTPs had been launched in Singapore within the 2000s as an MFA (multi-factor authentication) choice, however social engineering techniques since then have grown extra refined alongside technological developments. These have enabled scammers to achieve entry extra simply to clients’ OTPs by way of phishing assaults — for instance, by means of fraudulent financial institution web sites created to resemble real ones.
Retiring using OTPs will improve the consumer authentication course of and make it harder for scammers to entry buyer financial institution accounts and funds, with out clients’ specific authorization by means of their cellular gadgets.
Phishing attacks had been among the many top five scam classes final yr in Singapore, accounting for SG$14.2 million ($10.52 million) misplaced by means of these scams, in line with Singapore Police Power’s (SPF) annual scams and cybercrime 2023 report.
Native banks have been working with MAS and regulation enforcement to implement measures that deal with this menace panorama, the trade regulator mentioned.
“Whereas they might give rise to some inconvenience, such measures are needed to assist stop scams and shield clients,” mentioned ABS director Ong-Ang Ai Boon.
Additionally: Banks defending their right to security are missing the point about consumer trust
MAS final October laid out a framework detailing parties that should be held responsible for phishing scams, with banks and telcos taking up accountability for the primary line of protection.
Scams and cybercrime instances in Singapore climbed 49.6% final yr, with the variety of instances hitting 50,376, up from 33,669 instances in 2022. Scams accounted for 92.4% of total instances, SPF’s numbers revealed.
The police power works with varied establishments, together with fintech firms and cryptocurrency platforms, by way of its Anti-Rip-off Command workplace to freeze accounts and get better funds to reduce losses. Greater than 19,600 financial institution accounts had been frozen in 2023 primarily based on investigations by the Anti-Rip-off Command Centre, recovering greater than SG$100 million.
The middle additionally works with native telcos and e-commerce platforms on anti-scam measures, terminating greater than 9,200 cellular traces and 29,200 WhatsApp traces final yr that had been suspected of being utilized in scams.
