Singapore has mandated using facial recognition as authentication for “increased threat” banking transactions, in a bid to stem growing scams in the country.
Retail banks will roll out Singpass Face Verification over the following three months to beef up the setup course of for digital tokens, in keeping with a joint statement launched Wednesday by business regulator Financial Authority of Singapore (MAS) and the Affiliation of Banks in Singapore (ABS).
Additionally: Non-cash transactions to hit 1.6T, with Asia leading adoption
Verification mode shall be triggered in higher-risk eventualities to enrich present authentication strategies for organising digital tokens, they mentioned. In the end, face scans confirm a buyer’s identification towards Singapore’s data earlier than the digital token could be activated to be used by the client.
“This makes it tougher for a scammer to take over a buyer’s digital token by setting it up on his personal gadget utilizing phished credentials equivalent to an SMS, one-time passwords (OTPs), and/or financial institution card data,” MAS mentioned.
Additionally: Microsoft Copilot to be integrated into Singapore’s legal technology platform
Prospects who don’t have already got a Singpass account must register for an account and obtain the Singpass app earlier than they’ll arrange digital tokens for his or her financial institution accounts.
Launched in 2003, Singpass is the nationwide digital identification used to authenticate entry to varied on-line actions in Singapore, together with e-government companies, doc signing, and reserving medical appointments. It’s utilized in greater than 2,700 companies throughout 800 authorities businesses and companies, with authentication through biometrics or SMS two-factor authentication (2FA).
Singpass at present has greater than 4.2 million customers, processing greater than 41 million transactions every month, in keeping with authorities company GovTech.
Additionally: Asian banks are a favorite target of cybercrooks, and malicious bots their preferred tool
The most recent transfer is a part of security measures banks in Singapore have carried out, together with a kill switch, to safeguard prospects towards scams. In July, native banks — DBS, OCBC, and UOB additionally unveiled plans to retire the use of one-time passwords (OTPs) for purchasers who’ve digital tokens.
ABS director Ong-Ang Ai Boon mentioned: “Singpass Face Verification offers prospects elevated safety towards unauthorized entry to their financial institution accounts, including to the suite of measures and instruments that banks have offered prospects to empower them to protect themselves towards scams. Whereas banks will proceed to do their half to struggle scams, customers need to be vigilant themselves and follow good cyber hygiene.”
It is a essential transfer as digital tokens are used to approve subsequent transactions, famous Bathroom Siew Yee, MAS’ assistant managing director for coverage, funds, and monetary crime.
Additionally: Banks must move past PIN, OTP to ensure mobile security
Extra verification is used for increased threat eventualities by banks equivalent to DBS, for example, that contain including a payee or updating private particulars.
Singapore’s ongoing efforts to beef up the cyber resilience of banks come amid rising assaults concentrating on the monetary companies sector.
The business stays the world’s most often focused for Layer 3 and 4 distributed denial-of-service (DDoS) assaults for the second consecutive yr, in keeping with Akamai Applied sciences’ newest State of the Internet (SOTI) report. Such assaults intention for community and transport layers with the intent to overwhelm community infrastructures and clog bandwidth.
Monetary companies sector stays a preferred goal for assault
Monetary companies account for 34% of DDoS assaults, adopted by gaming at 18%, and excessive expertise at 15%, as documented within the report, whose insights are based mostly on information from Akamai Linked Cloud.
It attributed the spike in DDoS actions to ongoing geopolitical tensions that drove up hacktivism, with the involvement of well-known risk actors together with REvil, BlackCat (ALPHV), and KillNet, generally linked to the Russian-Ukraine warfare.
Additionally: Singapore updates OT security blueprint to focus on data sharing and cyber resilience
As well as, 36% of all suspicious websites monitored by Akamai are implicated in model impersonation and abuse actions concentrating on the monetary companies sector. Phishing attacks additionally dominate counterfeit websites concentrating on monetary companies, accounting for 68% of all recorded cases.
Akamai additional pointed to a pointy climb within the variety of Layer 7 DDoS assaults that particularly goal purposes through APIs (software programming interfaces). “A serious concern [is] undocumented shadow APIs, which are sometimes unprotected as a result of data safety groups are unaware of their existence,” the report famous. “Attackers can exploit these APIs to exfiltrate information, bypass authentication controls, or carry out disruptive acts.”
Additionally: Banks defending their right to security are missing the point about consumer trust
Particularly, the Asia-Pacific area clocked the very best median risk rating for phishing assaults, in keeping with the Akamai examine. Particularly, it noticed a excessive variety of suspicious domains and requests.
The area’s excessive digital adoption in addition to lively engagement on social media put its monetary sector in a weak place to cyber assaults, Akamai mentioned.
It added that the area additionally faces distinctive cybersecurity challenges attributable to its fragmented panorama, the place international locations within the West and World South with robust gross home product (GDP) make it a primary goal for assaults.
Additionally: This data platform will help banks share criminal intelligence
“The fast digitalization in banking, mixed with low consciousness of phishing risks, places shoppers at a better threat of assaults regardless of this area having fewer phishing or model impersonation domains in comparison with different elements of the world,” the report famous. “This means that buyers within the area are at a better threat of getting their banking data and different delicate information stolen when visiting web sites.”
With nearly all companies out there on-line, alongside monetary organizations’ elevated engagement on social media, Asia-Pacific’s web adoption makes it a primary goal for cybercriminals. It gives extra avenues for phishing and impersonation assaults, exploiting customers’ belief in these platforms.
“Monetary establishments in [the region] face a trifecta of challenges in at the moment’s panorama equivalent to safeguarding property and information, guaranteeing compliance, and staying forward of innovation to teach prospects on the most recent phishing and rip-off techniques,” mentioned Reuben Koh, Akamai’s Asia-Pacific Japan director of safety expertise and technique.
Additionally: APAC consumers share more data, but will ditch firms over security breach
“With monetary companies persevering with to be essentially the most focused business in Asia-Pacific, together with Japan, for net software and API cyberattacks, expertise decision-makers like chief data safety officers should fastidiously determine the place to automate, delegate, and outsource, guaranteeing scalable safety options that not solely defend property but additionally protect buyer loyalty in an more and more digital world.”