Skip to main content

Advertisement

Advertisement

Banks move to replace physical dongles with digital tokens

SINGAPORE — More than a decade after banks in Singapore issued hardware tokens, two of the Big Three lenders are ditching the physical dongle, which customers have to carry around for banking transactions on the go.

DBS, Singapore’s largest bank, said on April 11, 2017, it would stop issuing physical dongles in the second quarter of next year in a move that will affect over 2.6 million of its customers. Photo: DBS

DBS, Singapore’s largest bank, said on April 11, 2017, it would stop issuing physical dongles in the second quarter of next year in a move that will affect over 2.6 million of its customers. Photo: DBS

Follow TODAY on WhatsApp

SINGAPORE — More than a decade after banks in Singapore issued hardware tokens, two of the Big Three lenders are ditching the physical dongle, which customers have to carry around for on-the-go banking transactions. 

In its place will be simpler and more convenient “digital tokens”, which have already been used by more than 200,000 DBS customers in a successful trial and about 7,000 United Overseas Bank (UOB) customers since December. 

DBS, Singapore’s largest bank, said on Tuesday (April 11) it would stop issuing physical dongles in the second quarter of next year in a move that will affect more than 2.6 million of its customers. 

UOB, the smallest of the three local banks, plans to expand the use of digital tokens beyond its Mighty app to its Internet banking platform by the end of this year. Meanwhile, Oversea-Chinese Banking Corp (OCBC) is considering biometrics for customer authentication. “OCBC is currently evaluating alternate modes of authentication, including biometrics, to ensure that the selected solution has the right balance of security and convenience,” said Mr Aditya Gupta, the bank’s e-business head. 

In an email sent to customers on Tuesday, DBS said the digital token would be a new security enhancement on its digibank mobile application.  The move towards replacing the physical dongle started last December, and the soft token will be rolled out to DBS’ wealth customers on its iWealth app by next month, and subsequently to online banking users. 

“While customers using our digital channels will be advised to switch to digital tokens after the end of life of their physical tokens, we will continue to issue physical tokens until we fully implement the migration in the second quarter of 2018,” said Mr Jeremy Soo, DBS’ head of consumer banking group. The change is fuss-free, with customers logging into their digibank app to carry out a one-time set-up of the digital token using their physical dongle for authentication. Enhanced encryption and dynamic in-built security offer layered protection against malware targeting the mobile apps, said Mr Soo. He added that one-time passwords (OTPs) will be verified in the background, and customers no longer have to key these in for low-risk transactions, such as viewing one’s transaction history.

At UOB, Mr Aaron Chiew, the bank’s head of digital and mobile, retail digital banking, said: “The move towards digital security tokens also enables us to reduce the number of hard tokens we issue. This translates into potential cost savings.” 

Bank clients had mixed feelings. Cashier Grace Lee, 60, was concerned about what could happen if a user’s phone is stolen. Nevertheless, Ms He Qing Pei, 26, a human resources manager, welcomed the convenience. “It’s a hassle to carry another item around for banking. It’s fuss-free,” said Ms He. “As for the security concerns, it’s true that more people are looking at infiltrating phones these days, with people using their phones for various tasks.”

The FAQ published on DBS’ website advised users who lose their phones to download the digibank app on a new mobile device, and remove access to the app via the lost device. The app is also secured and accessible only with a user ID or PIN or fingerprint. 

Cloud Security Alliance director Anthony Lim noted that the concerns were legitimate. “If someone picks up your phone and manages to get past your password ... the soft token is there waiting for the perpetrator to use,” he said. 

However, Frost & Sullivan’s Asia-Pacific industry principal Quah Mei Lee pointed out that assuming the digital token has the necessary security to mitigate key threats, its use — alongside the fingerprint authentication on the digibank app — would be “as secure as necessary”, she said. 

Apart from banks, more businesses are going the digital route for authentication processes. This month, healthcare solutions provider Aon Care introduced soft tokens as part of a multi-factor authentication for its customers. 

Ms Corine Cheong, executive director (health and benefits) at Aon Hewitt Singapore, said that compared to hardware tokens, this approach was more environment- and user-friendly, “given that people carry multiple tokens for their banking transactions”.

Read more of the latest in

Advertisement

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.