MAS Enhancing Banking Security in Singapore

In a decisive move to bolster defences against phishing scams, the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) have announced that major retail banks in Singapore will begin phasing out the use of One-Time Passwords (OTPs) for customers who use digital tokens. This transition will take place over the next three months, significantly enhancing security for bank account logins.

Customers who have activated their digital tokens on their mobile devices will be required to use these tokens for logging into their bank accounts, whether via a browser or mobile banking app. The digital tokens will authenticate logins without needing an OTP, which scammers often steal or trick customers into disclosing. Customers who have not yet activated their digital tokens are strongly encouraged to do so, reducing the risk of phishing attacks.

OTPs were initially introduced in the 2000s as a multi-factor authentication method to fortify online security. However, advancements in technology and increasingly sophisticated social engineering tactics have made it easier for scammers to phish for OTPs, often by creating fake bank websites that closely mimic the genuine ones. By enhancing the authentication process, this new measure aims to make it significantly more challenging for scammers to fraudulently access customer accounts and funds without explicit authorisation via the customer’s mobile device.

Phishing scams continue to be a significant concern in Singapore. Banks are working closely with MAS and the Singapore Police Force to develop and implement solutions to strengthen collective resistance against the ever-evolving landscape of scams.

Mrs Ong-Ang Ai Boon, Director of ABS, emphasised the importance of these measures, “This initiative provides customers with additional protection against unauthorised access to their bank accounts. While these measures might cause some inconvenience, they are essential to prevent scams and protect our customers.”

Ms Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime) at MAS, reinforced the commitment to consumer protection, “MAS continues to collaborate closely with banks to safeguard consumers by aggressively countering digital banking scams. This latest measure will complement good cyber hygiene practices that customers must continue to follow, such as protecting their banking credentials.”

Phishing scams were among the top five scam types last year, with at least SG$14.2 million lost to these scams, according to the Singapore Police Force Annual Scams and Cybercrime Brief 2023.

In response to concerns from Members of Parliament about protecting bank customers from scams, MAS and other government agencies are intensifying efforts to combat scams in collaboration with the banking industry.

MOS Sun Xueling from the Ministry of Home Affairs will provide further details on these efforts, including anti-malware controls by banks and the Shared Responsibility Framework (SRF), which holds financial institutions and telecommunications companies accountable to consumers.

MAS and the Infocomm Media Development Authority (IMDA) have introduced a consultation paper on the SRF to address phishing scams. This framework assigns duties to financial institutions and telcos to mitigate scam risks and mandates payouts to victims in case of breaches. Building on previous initiatives, the SRF requires sending transaction notifications and implementing scam filters, holding FIs and Telcos accountable for losses in case of breaches.

These efforts have shown positive results, with phishing cases decreasing by 16% and losses by 14% in 2023. This decline is attributed to enhanced security measures, such as anti-malware features on banking apps. However, MAS acknowledges that more work is needed to strengthen anti-scam controls, including improving fraud surveillance and enhancing authentication measures.

MAS remains dedicated to further strengthening measures to safeguard bank customers. Collaborative efforts between government agencies, financial institutions, and the public are essential to effectively combat scams and protect consumers in an increasingly digital landscape.