Jump to content
  • Banks in Singapore to phase out one-time passwords in 3 months


    Karlston

    • 276 views
    • 2 minutes
     Share


    • 276 views
    • 2 minutes

    The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months.

     

    This initiative was agreed upon between the government and the Association of Banks in Singapore (ABS) to protect consumers against phishing and other scams.

     

    "The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security," reads the MAS announcement.

     

    "However, technological developments and more sophisticated social engineering tactics have since enabled scammers to more easily phish for customers' OTP, for example through setting up fake bank websites that closely resemble the genuine websites."

     

    In addition to phishing sites, OTPs have been the target of Android malware for many years, helping their operators bypass two-factor authentication protections on target accounts.

     

    This has prompted Google to take more aggressive action against the abuse of the 'RECEIVE_SMS,' 'READ_SMS,' and 'BIND_Notifications' permissions this year, with Singapore being among the first countries to receive the new protections.

     

    Additionally, OTPs can be intercepted by man-in-the-middle attacks, and if they're SMS-based, they can be intercepted by threat actors who conduct SIM-swapping attacks.

     

    Singapore bank customers will now use digital tokens instead of OTPs, which they must activate on their mobile devices.

     

    According to ABS, digital tokens are already activated for 60% to 90% of the customers of the country's three major banks: DBS, OCBC, and UOB.

     

    "The digital token will authenticate customers' login without the need for an OTP that scammers can steal, or trick customers into disclosing," explains MAS.

     

    Those who have not activated their digital tokens are strongly encouraged to do so soon to benefit from better security against phishing actors and scammers.

     

    Customers who don't activate digital tokens will continue to receive OTPs as before, but those are expected to be an increasingly dwindling minority.

     

    Source

     

    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every single day for many years.

    2023: Over 5,800 news posts | 2024 (till end of June): 2,839 news posts


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...