Forum: Is security of online banking based solely on not losing one's phone?

Updated
Jan 22, 2021, 12:29 AM
Published
Jan 22, 2021, 12:27 AM

Initially, banks said we needed two-factor authentication to secure our online banking transactions.

It began with a one-time password (OTP) sent to our mobile phones, subsequently reinforced with physical tokens, as presumably, mobile phone OTPs could be intercepted or phones hacked.

Fast forward to today, and DBS Bank has joined other big banks in dropping the physical token from online banking.

So to recap:

Before: Online banking on personal computers had to be authenticated by user identification (user ID) and password, and OTP on a phone or physical token.

Now: Online banking on mobile phones is done with password or phone bio verification only. User ID is saved in the banking app for convenience. And the phone is the de facto digital token.

Am I missing something when I conclude that online banking security is now contingent on not having one's phone hacked and not losing the phone?

Teo Hoon Seng

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top