SINGAPORE: Bank customers in Singapore who use digital tokens will soon be unable to use one-time passwords (OTPs) to log into their bank accounts.

The move was announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) in a joint news release on Tuesday (July 9), as part of efforts to better protect customers against phishing.

Major retail banks in Singapore will phase out the use OTPs for account login for customers who are digital token users within the next three months. These include the three local banks: DBS Bank, OCBC Bank and UOB.

Customers who are using physical tokens will not be affected.

Customers who have activated their digital token on their mobile device will have to use it when they log into their bank account via an internet browser or a mobile banking app.

The digital token will authenticate customers’ login without the need for an OTP, which scammers can steal or trick the customer into disclosing, MAS and ABS said.

The feature is integrated into mobile banking apps and often requires biometric or face recognition to authenticate logins or transactions.

“Customers who have not activated their digital tokens are strongly encouraged to do so, to lower the risk of having their credentials phished,” they added.

Phishing scams were among the top five scam types here in 2023, with victims losing at least $14.2 million in total, according to annual police figures.

The use of OTP was introduced in the 2000s as a multi-factor authentication option to boost online security.

However, MAS and ABS noted that technological developments and more sophisticated social engineering tactics have since enabled scammers to more easily phish for customers’ OTPs, such as setting up fake bank websites that closely resemble the real ones.

“This latest measure will strengthen the authentication process, making it harder for scammers to fraudulently access a customer’s account and funds without the customer’s explicit authorisation using his mobile device,” they said.

Ong-Ang Ai Boon, director of ABS, said: “While they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”

MAS’ assistant managing director (policy, payments and financial crime) Loo Siew Yee added that the authority “continues to work closely with banks to protect consumers by leaning hard against digital banking scams”.

“This latest measure will complement good cyber hygiene practices that customers must continue to practise, such as safeguarding their banking credentials,” she said. - The Straits Times/ANN