Three main retail banks in Singapore are slated to retire using one-time passwords (OTPs) for purchasers who’ve digital tokens, in a transfer that goals to fight phishing scams.
To be phased out throughout the subsequent three months, OTPs will stay out there to prospects of the three banks — DBS, OCBC, and UOB — who nonetheless depend on bodily tokens. These customers, nevertheless, are “strongly inspired” to activate their digital tokens to raised safeguard their credentials in opposition to phishing assaults, in accordance with a joint assertion launched Tuesday by business regulator Financial Authority of Singapore (MAS) and The Affiliation of Banks in Singapore (ABS).
Additionally: Banks should transfer previous PIN, OTP to make sure cell safety
With the phasing out of OTPs, prospects must use their digital tokens on their cell gadgets for authentication once they log into their checking account or cell banking app.
OTPs had been launched in Singapore within the 2000s as an MFA (multi-factor authentication) possibility, however social engineering techniques since then have grown extra refined alongside technological developments. These have enabled scammers to realize entry extra simply to prospects’ OTPs through phishing assaults — for instance, by means of fraudulent financial institution web sites created to resemble real ones.
Retiring using OTPs will improve the person authentication course of and make it harder for scammers to entry buyer financial institution accounts and funds, with out prospects’ specific authorization by means of their cell gadgets.
Phishing assaults had been among the many high 5 rip-off classes final 12 months in Singapore, accounting for SG$14.2 million ($10.52 million) misplaced by means of these scams, in accordance with Singapore Police Power’s (SPF) annual scams and cybercrime 2023 report.
Native banks have been working with MAS and regulation enforcement to implement measures that deal with this menace panorama, the business regulator mentioned.
“Whereas they might give rise to some inconvenience, such measures are needed to assist stop scams and defend prospects,” mentioned ABS director Ong-Ang Ai Boon.
Additionally: Banks defending their proper to safety are lacking the purpose about client belief
MAS final October laid out a framework detailing events that ought to be held accountable for phishing scams, with banks and telcos taking over accountability for the primary line of protection.
Scams and cybercrime circumstances in Singapore climbed 49.6% final 12 months, with the variety of circumstances hitting 50,376, up from 33,669 circumstances in 2022. Scams accounted for 92.4% of total circumstances, SPF’s numbers revealed.
The police pressure works with numerous establishments, together with fintech firms and cryptocurrency platforms, through its Anti-Rip-off Command workplace to freeze accounts and get better funds to scale back losses. Greater than 19,600 financial institution accounts had been frozen in 2023 based mostly on investigations by the Anti-Rip-off Command Centre, recovering greater than SG$100 million.
The middle additionally works with native telcos and e-commerce platforms on anti-scam measures, terminating greater than 9,200 cell traces and 29,200 WhatsApp traces final 12 months that had been suspected of being utilized in scams.
