“The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security,” reads the MAS announcement.
One-time passwords (OTPs) must be phased out over the course of the next three months, according to a new mandate released by the Monetary Authority of Singapore (MAS) and affecting all major retail banks in the nation.
The Association of Banks in Singapore (ABS) and the government came to an agreement on this endeavor to safeguard customers from phishing and other fraudulent schemes.
“The use of OTP was introduced in the 2000s as a multi-factor authentication option to strengthen online security,” reads the MAS announcement.
“However, technological developments and more sophisticated social engineering tactics have since enabled scammers to more easily phish for customers’ OTP, for example, by setting up fake bank websites that closely resemble the genuine websites.”
Apart from phishing websites, Android malware has long targeted OTPs, enabling its operators to circumvent two-factor authentication safeguards on target accounts.
Due to this, Google has decided to take more drastic measures this year to combat the misuse of the ‘RECEIVE_SMS,’ ‘READ_SMS,’ and ‘BIND_Notifications’ permissions. Singapore is one of the first nations to benefit from these new safeguards.
Furthermore, OTPs are susceptible to interceptions through man-in-the-middle attacks and, in the event that they are SMS-based, by threat actors using SIM-swapping assaults.
Customers of Singaporean banks will no longer need to activate OTPs on their mobile devices; instead, digital tokens will be used in their place.
Sixty to ninety percent of DBS, OCBC, and UOB clients have already had their digital tokens activated, according to ABS.
“The digital token will authenticate customers’ logins without the need for an OTP that scammers can steal or trick customers into disclosing,” explains MAS.
It is highly recommended that those who have not yet activated their digital tokens do so right away in order to take advantage of improved security against con artists and phishers.
The percentage of customers who do not activate digital tokens will still receive OTPs, but it is anticipated that they will become fewer and fewer in number.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.