Singaporean authorities have determined that one-time passwords (OTPs) are too vulnerable to be used in the city-state’s banking sector. The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) have determined that retail banks will have to phase out the security mechanism over the next few months, and to replace OTPs with digital tokens.
The MAS is Singapore’s central bank and financial regulatory authority responsible for overseeing the financial industry, ensuring financial stability, and promoting sustainable economic growth. It formulates policies related to banking, insurance, securities, and the overall financial sector.
The ABS, meanwhile, is an industry association representing the interests of the banking community in Singapore. ABS works to promote best practices, improve industry standards, and enhance the professionalism and capabilities of banks operating in the country.
Both MAS and ABS collaborate on initiatives to strengthen the financial system and protect consumers. And they evidently think digital tokens are a push in that direction. These tokens generate one-time passwords on a user’s smartphone, providing an extra layer of security for online transactions and account logins. Unlike SMS-based OTPs, which can be intercepted or manipulated by scammers, digital tokens rely on the cryptographic capabilities of the smartphone to produce secure, time-sensitive codes.
The method is seen as reducing the risk of phishing attacks where fraudsters trick users into disclosing their OTPs. But digital tokens are not immune to vulnerabilities. One counterargument is that digital tokens rely heavily on smartphones, which themselves can be targets for sophisticated cyberattacks. Malware and phishing apps can compromise smartphones, potentially capturing OTPs generated by digital tokens. And if a smartphone is lost or stolen, unauthorized individuals might gain access to the token app if the device is not adequately secured.
Nevertheless, Singapore’s financial authorities appear to think the main problem with digital tokens is the inconvenience in comparison to SMS 2FA. In a statement, ABS Director Ong-Ang Ai Boon said that “while they may give rise to some inconvenience, such measures are necessary to help prevent scams and protect customers.”
Source: The Register
–
July 16, 2024 – by Alex Perala
Related News
Singapore Mandates Selfie Check for High-Risk Bank Transactions
Identity News Digest – July 17 2024
New Ford Vehicle Security Patents Cover Biometrics, Risk Signals
Shanghai University Researchers Claim Success in Quantum Hack of RSA Encryption
Kazakhstan to Launch National System for Biometric Authentication by Year’s End: PM
‘Leading U.S.-based Social Media Company’ Tests Zwipe Access Card
Follow Us