Understanding online banking security

Technology advances have brought about conveniences such as online shopping and banking. Find out how you can keep your online transactions safe.

Key takeaways
  • Protect your computers and mobile devices from cyberattacks by installing firewall, anti-virus and anti-spyware software on them and keeping it updated.
  • Be vigilant and safeguard your banking information at all times. Don’t divulge your online banking credentials to anyone.
  • Use strong passwords that are difficult to guess for your online banking accounts.
  • Don’t use public computers (e.g. at hotels, airports, cafes) to perform online banking transactions.

Technology advances have brought about many changes, and many conveniences, to our daily life. Many banks now offer internet and mobile banking services so you no longer need to queue at a branch to perform common banking transactions.

However, we must be mindful of cyber threats. Threats such as phishing, fake websites, and malware that steal your identity and other information are increasingly common. It’s important to stay vigilant and safeguard yourself when you make any online transactions.

Use Strong Passwords and 2FA

Using strong passwords and enabling two-factor authentication (2FA) help the bank to verify your identity so that you can perform your online banking transactions with confidence. It is therefore important that you safeguard your passwords and 2FA credentials at all times.

Creating a strong password

A strong password is one that is difficult for anyone to guess or crack (e.g. avoid passwords such as your username, “password”, “password123” and so on). It must not be information about you or your family members that others may know, e.g. date of birth, address or phone numbers.

Safeguard your passwords

Using a strong password is not enough. You must safeguard your password at all times. Here are some tips:

  • Change your passwords regularly, i.e. at least once every 3 months
  • Use different passwords for different login accounts
  • Don’t write down your passwords anywhere
  • Don’t store your passwords on your computer or mobile phone
  • Never divulge your password to anyone, including your family members

Two-factor authentication (2FA)

For added security, banks have implemented 2FA at login. This gives you an extra layer of protection to ensure the security of your online accounts.

When you log in to internet or mobile banking, banks require you to identify yourself by providing:

  • Your username and PIN or password, and
  • A One-time Password (OTP), generated by your 2FA token.

An OTP is usually a string of numbers or a combination of letters and numbers (alphanumeric). The OTP is only valid for a short period of time, after which it will expire.

There are 3 types of 2FA used by banks in Singapore: 

  • A key-chain-sized token, commonly known as a “hardware token”. These tokens can be used to digitally "sign" high-risk transactions. Notify your bank immediately if you lose your hardware token.
  • OTP sent via SMS to the mobile phone registered with the bank.
  • Digital token, or “soft token”, that will generate an OTP for you to provide as an authentication factor. The OTP is usually generated and sent to the bank for verification without you needing to manually key in the OTP. You will need to perform a one-time registration and create a unique passcode known only to yourself in order to use the digital token.

Tips to safeguard your hardware token

Here are a few ways to safeguard your 2FA hardware token:

  • Keep your hardware token in a safe place.
  • Notify your bank immediately if you lose your hardware token.
  • Do not allow anyone to use or keep your hardware token.
  • Do not reveal the serial number of your hardware token.
  • Do not write down your user ID and PIN on the hardware token.

Tips to safeguard your soft token

Here are a few ways to safeguard your 2FA soft token:

  • Do not “jail break” your mobile devices as jail-broken devices are less secure
  • Ensure that your mobile device has the latest operating system version
  • Ensure that you are using your bank’s latest version of the mobile banking app
  • Do not divulge your soft token PIN to anyone

Guard your PC from malware

If you perform internet banking, you should be mindful that your PC may be infected with malware that directs you to a bogus banking website which looks exactly like your bank’s website. This is done to trick you into revealing your login username, login password, OTP, and transaction authorisation codes.

  • Do not download, install or execute programs, scripts or open attachments from unknown sources.
  • If you think you have become a victim of a phishing scam, contact your bank immediately.

Protect yourself

Here are some measures you can take to protect yourself:

  • Enable instant notifications (SMS or email alerts) for all banking transactions.
  • Enter the bank’s full URL or domain name into your browser’s address bar.
  • Check your bank account statements for suspicious or unauthorised transactions.
  • Contact your bank immediately if your browser or PC behaves abnormally (slowing down, hanging, crashing) while you are performing internet and mobile banking.
  • Check your bank's website for updated information on Internet security.
  • Install a firewall and anti-malware on your PC and update them regularly.
  • Log off when you complete your online banking activities.
  • Do not perform online banking using public computers in places such as hotels, cybercafés, and airports.

Last updated on 05 Nov 2018