Article Details
Scrape Timestamp (UTC): 2024-07-12 03:33:48.262
Source: https://www.theregister.com/2024/07/12/singapore_banks_fight_phishing/
Original Article Text
Singapore's banks to ditch texted one-time passwords
Accessibility be damned, preventing phishing is the priority.
After around two decades of allowing one-time passwords (OTPs) delivered by text message to assist logins to bank accounts in Singapore, the city-state will abandon the authentication technique.
The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) announced on Tuesday that "major retail banks in Singapore will progressively phase out the use of One-Time Passwords (OTPs) for bank account login by customers who are digital token users within the next three months."
The banks hope this will "better protect against phishing" – at least against attacks in which scammers trick customers into disclosing their OTP.
Instead, MAS and ABS encourage the use of digital tokens – apps running on smartphones that produce OTPs – as the source of second factors for bank account authentication.
Bryan Tan, partner at tech-centric law firm Reed Smith, told The Reg the move was "not unexpected given that scammers have figured out how to game the current OTP system notwithstanding that it was two factor."
The Register asked ABS and MAS what measures, if any, will be taken to include those who don't have or want mobile phones – a situation Singapore recognized in 2020 when it created a device to substitute for its COVID-19 tracking app.
It’s therefore unclear how the plan to ditch SMS 2FA will impact groups such as neo-luddites and the elderly, especially as dedicated physical tokens have also been phased out in Singapore. We will update should a substantial reply materialize.
However, in a canned statement, ABS director Ong-Ang Ai Boon reasoned that "while they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers."
Smartphone ownership in Singapore reached 97 percent in 2023, but the country has had to engage in digital inclusivity outreach programs to certain parts of the population – including lower-income seniors.
Only 46 percent of residents aged 60 and above were found to keep their smartphones up to date as of 2022. They also lagged behind on enabling 2FA and conducting security checks when making online transactions.
Accessibility concerns aside, the move signifies a global pivot in cyber security practices and the evolution of digital banking security. Singapore routinely stays at the forefront of such practices.
Daily Brief Summary
The Monetary Authority of Singapore and The Association of Banks in Singapore announced the phasing out of SMS-based OTPs for bank logins within three months, aiming to bolster security against phishing.
This decision reflects growing concerns about scammers exploiting the vulnerabilities of SMS OTPs, driving a shift towards more secure digital tokens for authentication.
Digital tokens, which generate OTPs on smartphones, are recommended as a safer alternative for securing bank account access.
Legal expert Bryan Tan views the move as a logical step given the increasing frequency of OTP-related scams.
Concerns have been raised about the inclusivity of this change, particularly affecting the elderly and those without smartphones, with no clear measures announced yet to address these issues.
Despite potential inconvenience, this strategic shift is part of broader efforts to enhance digital security and minimize scam risks in Singapore's banking sector.
Smartphone penetration in Singapore is high at 97% in 2023, yet challenges remain in ensuring all demographics maintain secure and up-to-date technology usage.