MAS Tells Banks To Make Online Services Safer
NEW LINE OF DEFENCE: One possibility is a pager-like device which generates random codes for Net banking users to type in. Many priority customers already use one, but it may be extended to all users. -- MUGILAN RAJASEGERAN
INTERNET banking users are likely to be asked to carry a pager-like device and key in two passwords in the near future, after the authorities issued the toughest guidelines for online transactions to date.
In a letter to bank CEOs last month, the Monetary Authority of Singapore (MAS) said it expected all Internet banking systems to offer what is known as 'two-factor authentication' by December next year.
The government regulator also expressed 'serious doubts' about the security on current systems.
The new rules will mean users not only have to log in with their current passwords, but will have to authenticate their identities, by keying in randomly-generated numbers from a pager-like device, for example.
The added security, already offered to priority and corporate customers by some banks, will likely be extended to every Internet banking user, say industry sources, although it is unclear if users will have to pay the estimated US$10 (S$16.60) cost of the devices.
MAS spokesman Calisa Yip said users were generally in favour of more security.
In its letter, MAS said there was now the increased threat of 'direct attacks', which include computer viruses and fake websites set up by hackers to steal passwords.
Up to now, the government regulator has only 'encouraged' banks to offer this kind of security, despite the high-profile hacking of 21 DBS online accounts three years ago.
Since then, Net banking has become more popular - and has attracted more cyber thieves.
About 40 per cent of Singaporean Net users aged 15 and over banked online last year, says the Infocomm Development Authority. This is up from 27.4 per cent in 2002.
Sources say DBS, which has 800,000 Net banking users, is currently testing a pager-like device, or security token, made by American security firm RSA Security.
These handheld devices flash a random number every 30 or 60 seconds, which a user has to key in to his computer when he logs in. The number is generated on the device itself, so it works even when he goes overseas.
The number on the device is created with a secret algorithm, or formula, that is known to the bank's computers, ensuring only authorised users get through.
Said RSA's managing director for South Asia, Mr Ross Wilson: 'If you know how to key in a username and password, you'll be able to use the device.'
Similar devices are already given to some OCBC corporate customers and the bank is considering them for consumers as well.
The added security is already available to all of ABN Amro's 'few thousand' Net banking users here. HSBC plans to offer it next year, while UOB said it was considering several options.
Many users welcome the idea of added security, regardless of whether they will have to pay a nominal sum for it.
Mr Ray Sou, who runs an office supplies company and uses one of the devices, said he feels safe even when transferring hundreds of thousands of dollars online.
Said the OCBC customer: 'Even if a hacker has my password, he can't steal my funds without my handheld beeper.'
siewtha@sph.com.sg
Copyright © 2005 Singapore Press Holdings. All rights reserved. Privacy Statement & Condition of Access.
INTERNET banking users are likely to be asked to carry a pager-like device and key in two passwords in the near future, after the authorities issued the toughest guidelines for online transactions to date.
In a letter to bank CEOs last month, the Monetary Authority of Singapore (MAS) said it expected all Internet banking systems to offer what is known as 'two-factor authentication' by December next year.
The government regulator also expressed 'serious doubts' about the security on current systems.
The new rules will mean users not only have to log in with their current passwords, but will have to authenticate their identities, by keying in randomly-generated numbers from a pager-like device, for example.
The added security, already offered to priority and corporate customers by some banks, will likely be extended to every Internet banking user, say industry sources, although it is unclear if users will have to pay the estimated US$10 (S$16.60) cost of the devices.
MAS spokesman Calisa Yip said users were generally in favour of more security.
In its letter, MAS said there was now the increased threat of 'direct attacks', which include computer viruses and fake websites set up by hackers to steal passwords.
Up to now, the government regulator has only 'encouraged' banks to offer this kind of security, despite the high-profile hacking of 21 DBS online accounts three years ago.
Since then, Net banking has become more popular - and has attracted more cyber thieves.
About 40 per cent of Singaporean Net users aged 15 and over banked online last year, says the Infocomm Development Authority. This is up from 27.4 per cent in 2002.
Sources say DBS, which has 800,000 Net banking users, is currently testing a pager-like device, or security token, made by American security firm RSA Security.
These handheld devices flash a random number every 30 or 60 seconds, which a user has to key in to his computer when he logs in. The number is generated on the device itself, so it works even when he goes overseas.
The number on the device is created with a secret algorithm, or formula, that is known to the bank's computers, ensuring only authorised users get through.
Said RSA's managing director for South Asia, Mr Ross Wilson: 'If you know how to key in a username and password, you'll be able to use the device.'
Similar devices are already given to some OCBC corporate customers and the bank is considering them for consumers as well.
The added security is already available to all of ABN Amro's 'few thousand' Net banking users here. HSBC plans to offer it next year, while UOB said it was considering several options.
Many users welcome the idea of added security, regardless of whether they will have to pay a nominal sum for it.
Mr Ray Sou, who runs an office supplies company and uses one of the devices, said he feels safe even when transferring hundreds of thousands of dollars online.
Said the OCBC customer: 'Even if a hacker has my password, he can't steal my funds without my handheld beeper.'
siewtha@sph.com.sg
Copyright © 2005 Singapore Press Holdings. All rights reserved. Privacy Statement & Condition of Access.
Comments