The Monetary Authority of Singapore and the Association of Banks in Singapore (ABS) recentlyClaimBanks will phase out one-time text password identity verification methods over the next three months and switch to a more secure app verification process, but this does not include the use of hardware key authentication methods.
This move is intended to prevent malicious individuals from using SIM swapping to intercept user authentication text message information, and then tampering with the text message content to trick users into clicking on phishing websites to obtain their financial account numbers and personal information.
Therefore, the Monetary Authority of Singapore and the Association of Banks in Singapore require domestic banks to adjust their user identity authentication methods, such as using digital tokens through mobile browsers or apps to ensure security when logging into online banking services.
Currently, digital tokens can be verified through apps and hardware, avoiding the tampering problem of traditional one-time text password authentication methods. However, considering the inconvenience of users having to carry extra data and the possibility that verification data may be intercepted by malicious programs, the Monetary Authority of Singapore and the Association of Banks in Singapore are not inclined to use hardware authentication methods. They encourage bankers to conduct verification and comparison through the cloud and apps to improve the convenience of service use.
