- Joined
- Jan 19, 2011
- Messages
- 1,170
- Points
- 0
LOCAL banks will roll out new tokens with additional security capabilities for Internet banking.
In the lead is DBS Bank, which will distribute new tokens to its 1.7 million e-banking users from this month in a bid to fend off increasingly sophisticated cyberattacks. The capabilities will be activated in the fourth quarter next year.
The extra layer of security will require e-banking customers to input details such as their account numbers and transaction amounts.
United Overseas Bank said it will replace existing tokens some time next year, while OCBC Bank will issue tokens by the end of next year.
The Monetary Authority of Singapore said financial institutions are expected to implement the new feature, called transaction signing, for their Internet- banking platforms by the end of next year.
The Association of Banks in Singapore (ABS) explained that transaction signing is intended for high-risk online transactions such as the setting up of new third-party payees and ad-hoc transfers.
These tokens can also be used to enhance security for transactions in other banking channels, such as phone and mobile banking. Each bank will issue its own security token rather than outsource it, said ABS director Ong-Ang Ai Boon.
She said: "Although fraud statistics for online-banking transactions in Singapore remain low, the banks are not complacent.
"The banks are continually investing in technology and processes to enhance the operating environment, ensuring that banking transactions remain safe and secure for consumers."
During a press conference to introduce the new device at DBS Building yesterday, a DBS spokesman said the bank introduced the new token to protect customers from the rising cases and complexity of online attacks.
The one-time password generated by current tokens runs the risk of being stolen by hackers, who may trick customers into keying the password into fake Internet-banking sites.
Unlike the one-button token, the new keypad token will allow customers to input specific transaction details, such as the payee's account number and transaction amount.
If hackers modify the transaction details, banks will be able to spot the discrepancy.
Customers told my paper that they do not mind the extra hassle in exchange for more secure e-banking.
Ms Charlene Ho, 24, a public-relations executive who uses the online-banking token, said: "Added security is always good. It may be a little more troublesome, but it's better to be safe than sorry. After all, it'll just involve keying in a few more digits."
Administrative assistant Kristie Chen, 27, said: "It's a little bit of a hassle, but if it prevents hackers from stealing my money, why not? As long as I don't have to remember additional passwords, it's fine."
Transaction signing will also be incorporated into a new universal token called OneKey. It will be available from this month.
Assurity Trusted Solutions, a subsidiary of the Infocomm Development Authority, runs the national authentication system and manages OneKey.
Mr Sandeep Lal, DBS' managing director of consumer banking group eBusiness, said DBS will not join the universal token system for now, but added that it is a "consideration that would be on the table".
"Before we actually outsource this, we would want to be comfortable that there's a track record in terms of operations," he said.
OCBC said it is evaluating the possibility of using OneKey.
UOB said it has an existing infrastructure and in-house expertise to support transaction signing, and that it is exploring options with Assurity Trusted Solutions.
