DBS to offer online banking password via SMS

PHOTO: DBS to offer online banking password via SMS

SINGAPORE - DBS customers will be able to verify certain online banking transactions by entering a one-time password sent to their mobile phones via SMS.

The service, which will start on Sunday, will allow customers to use the one-time password, or OTP, to access their transaction history, pay bills or make fund transfers to existing payees.

They can also stick to using their physical token.

DBS joins many other banks, including Citibank, Maybank, OCBC, Standard Chartered and United Overseas Bank (UOB), in offering the SMS option.

A DBS spokesman said the service was provided in response to customer feedback.

Account holders have long grumbled that not being able to verify transactions with an SMS password means they have to carry a physical token around if they want to bank online.

Undergraduate Christopher Ng, 22, told The Straits Times: "I have been waiting for this ever since I started to bank online a few years ago. This is quite a basic service. The other banks have it, so I don't see why DBS doesn't."

Lawyer Louis Neo, 28, added: "I think it is a good change, and one to bring DBS services in line with (that of) other banks and service providers.

"The lack of SMS OTP didn't really deter me though, because I am (too) lazy to change banks. With sufficient safeguards, this would be a good balance."

Online banking security is being tightened across the industry.

Certain transactions such as requests to change an account holder's details or to add a new payee for transfers will require a new keypad token from Jan 1.

This is to comply with a Monetary Authority of Singapore requirement that these requests entail a higher level of verification, known as transaction signing.

The extra protection is needed because hackers can now steal one-time passwords that are either randomly generated on older one-button tokens or sent via text messages to customers by banks.

Banks have been complying with the need to provide the extra verification step by replacing the older tokens with ones that resemble a mobile phone keypad.

These more sophisticated devices can generate codes other than the one-time passwords.

Most banks are also in the process of sending out and activating the new tokens for online banking customers.