The Monetary Authority of Singapore has announced that all major retail banks in Singapore will phase out one-time passwords (OTPs) within the next three months. This move, agreed upon with the Association of Banks in Singapore, aims to better protect consumers against phishing, fraud and scams.
Since their introduction in the 2000s, OTPs have been a widely used multi-factor authentication method to enhance online security. However, over the past three decades, hackers have developed numerous techniques to steal OTPs. They can bypass this authentication factor through fake websites, fraudulent calls and texts, malware, or SIM-swapping attacks. These vulnerabilities have prompted Singapore to advance its authentication technology.
Singapore bank customers will now use digital tokens instead of OTPs, which they must activate on mobile devices. According to the Association of Banks in Singapore, digital tokens are already activated for 60% to 90% of the customers of the country’s three major banks: DBS, OCBC, and UOB.
“The digital token will authenticate customers’ login without the need for an OTP that scammers can steal or trick customers into disclosing,” explains the Monetary Authority of Singapore. Those who have not yet activated their digital tokens are strongly encouraged to do so soon to benefit from better security against phishing and scams. Customers who don’t activate digital tokens will continue to receive OTPs as before, but this group is expected to become an increasingly small minority.
