29.8k unique visitors in the last 3 days

Singapore Banks to Phase Out OTPs

The banking authorities want customers to authenticate themselves via tokens on their mobile phones.

Major retail banks in Singapore will progressively withdraw the use of one-time passwords (OTPs) for authenticating customers logging on to their bank accounts in a bid to reduce the extent of phishing. A joint announcement by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) said that customers who have activated a digital token on their mobile phone have only three months before they can no longer receive OTPs for authentication. Other customers will be ‘strongly encouraged’ to switch to using a token on their phone to authenticate themselves. A representative of ABS noted that the change would cause some inconvenience for customers, but that…

…such measures are necessary to help prevent scams and protect customers.

This move sees Singapore emulate neighboring Malaysia. Last year the Malaysian central bank, Bank Negara Malaysia, prohibited authentication that used OTPs sent by SMS. That diktat ruffled some feathers amongst security experts who argued for the merits of using SMS as a ‘universal’ method of communication. However, it is telling that East Asia is now well ahead of Western countries in tightening the security nexus between telecoms and banking. Grandstanding by Western banks about the need for tighter security cannot disguise the fact that many were only beginning to introduce OTPs as a second authentication factor when East Asian authorities were investigating how to move beyond OTPs. Singapore is rightly addressing the weaknesses introduced when using insecure channels to transmit passwords and the ease with which passwords can be compromised using social engineering.

Click here to see the announcement on the MAS website.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email