July 15, 2024 at 04:27AM
In Singapore, retail banks must eliminate one-time passwords (OTPs) for online authentication within three months to combat phishing. The Monetary Authority of Singapore and The Association of Banks in Singapore made the decision. With a rise in scams, customers are urged to activate digital tokens to protect against unauthorized account access and financial fraud.
Key takeaways from the meeting notes on Newsroom Cybersecurity / Mobile Security:
– Retail banking institutions in Singapore have been directed by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) to phase out the use of one-time passwords (OTPs) for online account authentication within three months. Customers will be required to use digital tokens for authentication instead of OTPs.
– The move aims to protect customers from phishing attacks and unauthorized access to their bank accounts, as cybercriminals have developed techniques to harvest OTP codes and exploit them for financial fraud.
– Cybersecurity experts have highlighted the emergence of sophisticated phishing toolkits, such as FishXProxy, which enable attackers to conduct multi-layered email phishing attacks while evading security measures. These kits utilize advanced techniques like HTML smuggling to bypass security controls.
– Google has introduced a pilot program in Singapore to prevent the installation of certain apps that abuse Android app permissions to read OTPs and collect sensitive data, in response to the rise of mobile malware.
The meeting notes underscore the evolving cybersecurity landscape and the proactive measures being taken by financial institutions and technology companies to mitigate the risks associated with OTP-based authentication and phishing attacks.