Home Banks phase out one-time passwords

Banks phase out one-time passwords

July 15th — In Singapore, the Monetary Authority has mandated that all major retail banks phase out one-time passwords (OTPs) within three months. Doing so is expected to enhance consumer protections in regards to phishing and smishing scams.

In the 2000s, OTPs were introduced to make security processes easier for users, but have since become vulnerable to a variety of cyber threats.

What’s next

Instead of OTPs, Singaporean banks will adopt digital tokens for customer authentication, which are already in use by a significant percentage of customers across major banks. These tokens will provide a more secure alternative to OTPs.

The transition to digital tokens reflects a shift in the banking landscape, underscoring a commitment to staying ahead of cyber threats and preserving consumer trust.

Through this initiative, we’re seeing the banking sector’s proactive approach to cyber security; an approach that aligns with global trends around implementing stronger authentication mechanisms.

CISO implications

  • The three-month timeline in which major banks are expected to implement this change is quite aggressive. CISOs should note this as a benchmark for how quickly significant security changes can be mandated and implemented.
  • As institutions transition to new security modalities, it’s critical for cyber security leaders and organizational leaders to provide user education around new systems. CISOs may wish to consider how they would manage this type of transition within their own organizations.
  • With authentication moving to mobile devices, cyber security is more critical than ever before. CISOs are encouraged to review existing mobile security policies and measures, and to upgrade cyber security as needed.

Further thoughts

This banking sector development underscores the need for all organizations to remain agile and proactive to stay cyber secure. Organizations must constantly evaluate and reevaluate potential threat vectors, weigh probabilities, and refine cyber security policies, processes and procedures accordingly.

For more on this story, click here. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.