Online banking

Forum: Is security based solely on not losing one's phone?

Commuters using their mobile phones while travelling on the MRT on Oct 7, 2020. ST PHOTO: GIN TAY

Initially, banks said we needed two-factor authentication to secure our online banking transactions.

It began with a one-time password (OTP) sent to our mobile phones, subsequently reinforced with physical tokens, as presumably, mobile phone OTPs could be intercepted or phones hacked.

Fast forward to today, and DBS Bank has joined other big banks in dropping the physical token from online banking.

So to recap:

Before: Online banking on personal computers had to be authenticated by user identification (user ID) and password, and OTP on a phone or physical token.

Now: Online banking on mobile phones is done with password or phone bio verification only. User ID is saved in the banking app for convenience. And the phone is the de facto digital token.

Am I missing something when I conclude that online banking security is now contingent on not having one's phone hacked and not losing the phone?

Teo Hoon Seng

A version of this article appeared in the print edition of The Straits Times on January 22, 2021, with the headline 'Is security based solely on not losing one's phone?'.