BANKS will soon be required to use a one-time password (OTP) when applying for licences, grants or tax incentives with the Monetary Authority of Singapore (MAS).
The authority's secured Masnet website and e-mail service for communicating with banks and brokerages here is slated for a security upgrade.
The boost comes as government agencies tighten security - for instance, by making OTPs compulsory for e-transactions involving sensitive data - in the wake of June's SingPass breaches.
OTPs are randomly generated on a name card-size token or sent via SMS. They are entered on websites in addition to the usual user name and password in a process called two-factor authentication (2FA).
In tender documents seen by The Straits Times, the MAS said it wants to introduce 2FA to Masnet users "to continuously strengthen security by aligning with... best practices and MAS' risk guidelines".
It is also looking to migrate out of its current Lotus Notes e-mail platform to a Web-based system so users can read their secured e-mail via a Web browser.
Banks, which are heavy users of Masnet, told The Straits Times that they welcome the upgrade as they submit sensitive data such as earnings via the system.
Mr Lukas Raska, Asia-Pacific chief operating officer of Slovakia-based security software maker ESET, said the upgrade is timely as the MAS has been urging all financial institutions to safeguard online transactions with 2FA.
Some brokerages have still not made 2FA compulsory for all investors and the MAS is reviewing if it should be mandated.
"If (2FA) were compulsory, it would be one of the more cost-effective ways to protect financial institutions and traders from falling prey to data and identity theft," Mr Raska said.
So far, only banks and three of the major retail brokerages - DBS Vickers, OCBC Securities and CIMB Securities - require clients to use an OTP.
The other major brokerages - Lim & Tan Securities, Phillip Securities, DMG & Partners Securities, UOB Kay Hian, Maybank Kim Eng Securities and AmFraser Securities - have introduced a version of 2FA that clients can opt to use.
They have been issuing the government-backed OneKey security token since November 2012 but the take-up rate has been slow, with only 20 per cent of the estimated 200,000 investors using the device.