Singapore will soon no longer use disposable passwords (OTP) delivered via SMS to access bank accounts. The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) made this announcement on Tuesday, July 9th.
Over the next three months, major retail banks in the country will phase out the use of OTPs for customers who already use digital tokens to access their accounts. This decision aims to enhance security against phishing attacks, where scammers trick customers into revealing one-time access codes.
Instead, MAS and ABS recommend using digital tokens, which are authenticators on smartphones that generate a new one-time password every 30 seconds. With these applications, potential victims may not even receive notifications of attempted account access, improving both security and peace of mind.
Legal expert Brian Tan from Reed Smith noted that the move was not surprising as scammers have found ways to bypass the current OTP system despite its two-factor authentication nature.
While the impact on individuals without access to or who prefer not to use modern smartphones remains a concern, Singapore previously addressed similar challenges in 2020 by developing a special physical tracker device for COVID-19 tracking.
ABS Director believes that despite potential inconveniences, these measures are crucial for preventing fraud and protecting customers. Despite the country’s high smartphone ownership rate of 97% in 2023, efforts continue to ensure digital inclusivity for elderly individuals with low incomes. Data from 2022 shows that only 46% of Singaporeans over 60 years old regularly update their smartphones and lag behind in activating two-factor authentication for online transactions.
Despite possible accessibility issues, this initiative signifies a global shift towards cybersecurity and the advancement of digital banking security. Singapore remains a leader in implementing such practices and serves as a model for other countries in financial technology and digital security.