Three main retail banks in Singapore are slated to retire the usage of one-time passwords (OTPs) for patrons who’ve digital tokens, in a transfer that goals to fight phishing scams.
To be phased out inside the subsequent three months, OTPs will stay obtainable to prospects of the three banks — DBS, OCBC, and UOB — who nonetheless depend on bodily tokens. These customers, nevertheless, are “strongly inspired” to activate their digital tokens to raised safeguard their credentials towards phishing assaults, in response to a joint assertion launched Tuesday by trade regulator Financial Authority of Singapore (MAS) and The Affiliation of Banks in Singapore (ABS).
Additionally: Banks should transfer previous PIN, OTP to make sure cell safety
With the phasing out of OTPs, prospects must use their digital tokens on their cell units for authentication once they log into their checking account or cell banking app.
OTPs have been launched in Singapore within the 2000s as an MFA (multi-factor authentication) possibility, however social engineering techniques since then have grown extra refined alongside technological developments. These have enabled scammers to realize entry extra simply to prospects’ OTPs through phishing assaults — for instance, by way of fraudulent financial institution web sites created to resemble real ones.
Retiring the usage of OTPs will improve the consumer authentication course of and make it tougher for scammers to entry buyer financial institution accounts and funds, with out prospects’ specific authorization by way of their cell units.
Phishing assaults have been among the many high 5 rip-off classes final 12 months in Singapore, accounting for SG$14.2 million ($10.52 million) misplaced by way of these scams, in response to Singapore Police Drive’s (SPF) annual scams and cybercrime 2023 report.
Native banks have been working with MAS and legislation enforcement to implement measures that tackle this menace panorama, the trade regulator mentioned.
“Whereas they might give rise to some inconvenience, such measures are obligatory to assist forestall scams and shield prospects,” mentioned ABS director Ong-Ang Ai Boon.
Additionally: Banks defending their proper to safety are lacking the purpose about client belief
MAS final October laid out a framework detailing events that must be held accountable for phishing scams, with banks and telcos taking over accountability for the primary line of protection.
Scams and cybercrime circumstances in Singapore climbed 49.6% final 12 months, with the variety of circumstances hitting 50,376, up from 33,669 circumstances in 2022. Scams accounted for 92.4% of general circumstances, SPF’s numbers revealed.
The police drive works with varied establishments, together with fintech corporations and cryptocurrency platforms, through its Anti-Rip-off Command workplace to freeze accounts and recuperate funds to scale back losses. Greater than 19,600 financial institution accounts have been frozen in 2023 based mostly on investigations by the Anti-Rip-off Command Centre, recovering greater than SG$100 million.
The middle additionally works with native telcos and e-commerce platforms on anti-scam measures, terminating greater than 9,200 cell strains and 29,200 WhatsApp strains final 12 months that have been suspected of being utilized in scams.