New, more advanced password tokens for DBS customers

The existing DBS iBanking token (left) and the new token (right).

DBS' 1.7 million e-banking customers will get a more advanced password tokens from Dec 15 onwards to counter sophisticated hacker scams which steal passwords and money.

These new tokens are the size of a namecard and come with a keypad to let users enter a payee's account number and transaction amount.

The 2FA password is generated based on the numbers entered. Any transaction modified by a hacker can be spotted by a bank as it will not match the details for which the 2FA password was generated.

The Straits Times reported that hackers are now able to steal two-factor authentication (2FA) passwords generated by the current password tokens by creating fake websites that pop up whenever a customer logs onto his Internet banking account.

Users unknowingly enter their username and 2FA passwords and disclose the information to the hackers.

In early October, the Association of Banks in Singapore warned of a malicious software called SpyEye which intercepts and alters users' online transactions after they key in their usernames and 2FA passwords.

A warning was issued by the association on behalf of over 100 member banks here.

According to the English daily, other banks like UOB, OCBC and Maybank had also said they would start to issue keypad tokens from next year.

paullim@sph.com.sg