Singapore’s banks to ditch texted one-time passwords

Singapore's banks to ditch texted one-time passwords

July 11, 2024 at 11:35PM

Singapore will phase out one-time passwords (OTPs) for bank logins and move to digital tokens within three months. This change aims to improve protection against phishing attacks. While smartphone ownership is high, concerns remain about accessibility for groups such as the elderly. The shift reflects global trends in digital banking security.

Based on the meeting notes, the major retail banks in Singapore will gradually phase out the use of One-Time Passwords (OTPs) for bank account logins for digital token users within the next three months. The move is aimed at better protecting against phishing attempts and encouraging the use of digital tokens as the source of second-factor authentication. The initiative comes in response to scammers exploiting the current OTP system, even though it was considered a two-factor authentication method.

There is a concern about the impact on groups such as neo-Luddites and the elderly who may not have or want mobile phones, as dedicated physical tokens are also being phased out. The authorities have recognized the digital inclusivity challenge and are working on outreach programs for certain segments of the population, particularly lower-income seniors.

While smartphone ownership in Singapore is widespread, with 97 percent reported in 2023, the issue of enabling 2FA and keeping smartphones up to date is particularly prominent among residents aged 60 and above. Despite potential accessibility concerns, the shift in cybersecurity practices represents a global trend in digital banking security, with Singapore at the forefront of these developments.

Full Article