The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) announced today that major retail banks will phase out the use of One-Time Passwords (OTPs) for bank account logins within the next three months.
This change will apply to customers who have activated their digital tokens on mobile devices, aiming to protect them against phishing scams better.
According to the Monetary Authority of Singapore (MAS) reports, customers who have activated digital tokens on their mobile devices will now use them to log in to their bank account via browsers or mobile banking apps.
The digital token will authenticate logins without needing an OTP, which scammers can potentially steal or trick customers into disclosing.
Those who have not yet activated their digital tokens are strongly encouraged to do so to reduce the risk of phishing attacks. OTPs were introduced in the 2000s as a multi-factor authentication method to bolster online security.
Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files
However, technological advancements and sophisticated social engineering tactics have made it easier for scammers to phish for OTPs, often through fake bank websites that closely mimic legitimate ones.
This new measure is expected to strengthen the authentication process, making it more difficult for scammers to access customer accounts and funds fraudulently without explicit authorization via mobile devices.
Phishing scams continue to be a significant concern in Singapore. Banks are working closely with MAS and the Singapore Police Force to develop and introduce solutions to strengthen collective resistance against evolving scam tactics.
Mrs. Ong-Ang Ai Boon, Director of ABS, emphasized the importance of this measure, stating, “This measure provides customers with further protection against unauthorized access to their bank accounts. While they may cause some inconvenience, such measures are necessary to help prevent scams and protect customers.”
Ms. Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime) at MAS, added, that MAS continues to work closely with banks to protect consumers by leaning hard against digital banking scams.
This latest measure will complement good cyber hygiene practices that customers must continue to practice, such as safeguarding their banking credentials.
As Singapore banks transition away from OTPs, customers are urged to activate their digital tokens and stay vigilant against phishing attempts to ensure their online banking security.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…