Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) announced today that major retail banks will phase out the use of One-Time Passwords (OTPs) for bank account logins within the next three months.

This change will apply to customers who have activated their digital tokens on mobile devices, aiming to protect them against phishing scams better.

Digital Tokens to Replace OTPs

According to the Monetary Authority of Singapore (MAS) reports, customers who have activated digital tokens on their mobile devices will now use them to log in to their bank account via browsers or mobile banking apps.

The digital token will authenticate logins without needing an OTP, which scammers can potentially steal or trick customers into disclosing.

Those who have not yet activated their digital tokens are strongly encouraged to do so to reduce the risk of phishing attacks. OTPs were introduced in the 2000s as a multi-factor authentication method to bolster online security.

Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files

However, technological advancements and sophisticated social engineering tactics have made it easier for scammers to phish for OTPs, often through fake bank websites that closely mimic legitimate ones.

This new measure is expected to strengthen the authentication process, making it more difficult for scammers to access customer accounts and funds fraudulently without explicit authorization via mobile devices.

Ongoing Efforts to Combat Phishing Scams

Phishing scams continue to be a significant concern in Singapore. Banks are working closely with MAS and the Singapore Police Force to develop and introduce solutions to strengthen collective resistance against evolving scam tactics.

Mrs. Ong-Ang Ai Boon, Director of ABS, emphasized the importance of this measure, stating, “This measure provides customers with further protection against unauthorized access to their bank accounts. While they may cause some inconvenience, such measures are necessary to help prevent scams and protect customers.”

Ms. Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime) at MAS, added, that MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams.

This latest measure will complement good cyber hygiene practices that customers must continue to practice, such as safeguarding their banking credentials.

As Singapore banks transition away from OTPs, customers are urged to activate their digital tokens and stay vigilant against phishing attempts to ensure their online banking security.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo