The Monetary Authority of Singapore (MAS) has announced a regulatory change that will require all major retail banks in the country to discontinue the use of one-time passwords (OTPs) within the next three months.
The initiative was jointly launched by the federal government and the Association of Banks in Singapore to protect consumers from phishing and other types of scams.
“One-Time Password (OTP) emerged in the early 2000s as a game-changing multi-factor authentication solution designed to significantly enhance online security.”
Despite advancements in technology and more sophisticated social engineering tactics, scammers have been able to develop new methods to obtain customers’ one-time passwords (OTPs), such as by creating fake banking websites that closely mimic their legitimate counterparts.
Android malware has consistently targeted one-time passwords (OTPs), aiming to circumvent two-factor authentication safeguards and gain unauthorized access to online accounts.
Google has taken steps this year to address the abuse of the ‘RECEIVE_SMS’, ‘READ_SMS’, and ‘BIND_Notifications’ permissions, with Singapore being one of the initial countries to benefit from these enhanced protections.
Moreover, one-time passwords (OTPs) can be compromised by man-in-the-middle attacks, and when delivered via SMS, they may also be vulnerable to interception by malicious actors conducting SIM-swapping attacks?
Singapore-based financial institution customers are set to adopt a new authentication method, replacing traditional one-time passwords (OTPs) with digital tokens that require activation on mobile devices.
In alignment with ABS standards, digital tokens are issued to the customers of Singapore’s three major banks: DBS, OCBC, and UOB.
According to MAS, the digital token eliminates the need for one-time passwords (OTPs), which can be stolen or obtained through deceitful means by scammers, thereby authenticating clients’ logins securely.
Without hesitation, individuals who have yet to activate their digital tokens are urged to take prompt action to safeguard against the rising threat of phishing attacks and scammers.
As digital token activation becomes the norm, prospects that fail to do so will increasingly opt for traditional OTP methods, a trend likely to continue.
