The first banks are starting to abandon SMS codes

No more sending one-time passwords via text messages

In Singapore, for over 20 years, it has been allowed to send one-time passwords via text messages to facilitate logging into bank accounts. The decision has now been made to abandon this procedure. This authentication technique will cease to be used once and for all.

Major retail banks in Singapore will phase out the use of one-time passwords (OTPs) to log into bank accounts by customers who are digital token users over the next three months.

– we read in a statement from the Central Bank of Singapore.

SMS will be replaced by an app

The main reason for this decision is phishing protection, at least against attacks in which fraudsters steal login details. Instead, banks will encourage customers to use digital tokens – an application running on smartphones that generate OTP – as a source of second factor authentication for a bank account.

The move shouldn’t come as a surprise, considering scammers figured out how to cheat the current OTP system, despite it being two-factor.

– says Bryan Tan of the law firm Reed Smith.

What if a person doesn’t have or doesn’t want a phone? This mainly applies to the elderly and neo-Luddites – people who oppose technological progress. Physical tokens have also been withdrawn from Singapore. This question has not yet been answered.

One thing is for sure, sometimes there may be inconveniences that are necessary to prevent fraud and protect customers. Singapore has long been at the forefront of the most innovative cybersecurity practices. Many countries follow its example.

See: Devil’s phone in Bielsko. He answered it and learned a lesson for life
See: Strange calls are plaguing Poles. A large bank is on the trail