Banks to start phasing out OTPs for account logins by digital token users

Banks to start phasing out OTPs for account logins by digital token users


Customers will have to use their tokens for bank account logins either via the browser or the mobile banking app

MAJOR retail banks in Singapore will begin phasing out the use of one-time passwords (OTPs) for account login by digital token users within the next three months.

Customers with activated digital tokens on their mobile devices will have to use the tokens for bank account logins either via the browser or the mobile banking app.

The digital token will authenticate customers’ logins without the need for an OTP that scammers can steal or trick customers into disclosing, said the Monetary Authority of Singapore (MAS) and The Association of Banks (ABS) in Singapore on Tuesday (Jul 9). Those who have not activated their digital tokens are also “strongly encouraged” to do so, as it would lower the risk of having their credentials stolen, they added.

The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security.

But technological developments and more sophisticated social engineering tactics have enabled scammers to more easily phish for customers’ OTPs, said MAS and ABS.

Phishing scams were among the top five ruses Singaporeans fell prey to in 2023, with at least S$14.2 million lost, according to data released by the Singapore Police Force earlier this year.

BT in your inbox

Start and end each day with the latest news stories and analyses delivered straight to your inbox.

Hence, the newest measure will make it harder for scammers to access a customer’s accounts and funds without the customer’s explicit authorisation through his mobile device, said both companies.

Ong-Ang Ai Boon, director of ABS, said: “This measure provides customers with further protection against unauthorised access to their bank accounts. While they may give rise to some inconveniences, such measures are necessary to help prevent scams and protect customers.”

Over at Citibank Singapore, Nilesh Kumar, head of digital channels and experience said that Citibank customers transacting with 3D-Secure merchants or through Citiphone will receive push notifications on their Citi Mobile App for authentication.

Customers transacting on the website Citibank Online can use their Citi Mobile App to scan a QR code. SMS OTP have been phased out in place of authentication via the digital token for customers enrolled on the token since 2023.



Source link

Leave a Reply