New physical security token could be introduced this year to prevent high-value transfer scams
Lianhe Zaobao, 防线上高额转账被诈骗 新款实体密码器或年内推出
(Summarised translation)
Singapore authorities are exploring the introduction of a new physical security token to strengthen safeguards against scams involving high-value bank transfers, with a possible launch as early as this year.
The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore are testing a hardware token based on the Fast Identity Online (FIDO) standard. Unlike traditional one-time password tokens, the new device must be physically inserted into a user’s device to authorise high-risk transactions, reducing the risk of phishing and account takeover scams.
Experts note that FIDO technology uses cryptographic key pairs stored securely on the device, making it difficult for scammers to gain access even if login credentials are compromised. The requirement for deliberate physical interaction may also help prevent impulsive scam-related transfers.
Singapore University of Technology and Design’s information systems technology and design professor, David Yau, explained that when a user registers via FIDO, the device creates a pair of cryptographic keys: a private key kept securely on the device and a public key that can be shared. During authentication, users typically unlock the key via face recognition or fingerprint, and the device produces a digital signature that servers can verify.
Prof Yau also noted that the physical token creates a dedicated, isolated environment for private keys, reducing the risk posed by malware on a user’s main device. Users must insert the token themselves, which reduces the risk of impulsive actions that lead to fraud. However, challenges remain, including user inconvenience, device loss, and the need for robust account recovery mechanisms.
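The registration and sign-in flow described above, sketched as an added Node.js example (not from the article, MAS or the banks). The origins, function names and the origin-plus-challenge message layout are constructed for illustration and are a simplified model, not the real FIDO message format.

```javascript
// Added illustration: simplified model of FIDO registration and sign-in. Names and origins are constructed.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');
// What gets signed: the origin the user's browser is on, plus the server's challenge.
const signedData = (origin, challenge) => Buffer.concat([Buffer.from(origin), challenge]);

function makeToken() {
  const privateKeys = new Map(); // origin -> private key; never returned to callers
  return {
    register(origin) {
      const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
      privateKeys.set(origin, privateKey);
      return publicKey; // only the public half is shared with the server
    },
    // userVerified models the fingerprint or face unlock on the device.
    signIn(origin, challenge, userVerified) {
      const key = privateKeys.get(origin);
      if (!key || !userVerified) return null; // no credential for this origin, or not unlocked
      return sign('sha256', signedData(origin, challenge), key);
    },
  };
}

function makeServer(origin) {
  let publicKey = null;
  const pending = new Set(); // challenges issued and not yet used
  return {
    enroll(key) { publicKey = key; },
    newChallenge() { const c = randomBytes(32); pending.add(c.toString('hex')); return c; },
    verifyLogin(challenge, signature) {
      // Each challenge is accepted once, so a captured signature cannot be replayed.
      if (!signature || !pending.delete(challenge.toString('hex'))) return false;
      return verify('sha256', signedData(origin, challenge), publicKey, signature);
    },
  };
}

function demo() {
  const bank = makeServer('https://bank.example');
  const token = makeToken();
  bank.enroll(token.register('https://bank.example'));
  const c1 = bank.newChallenge();
  const sig = token.signIn('https://bank.example', c1, true);
  const c2 = bank.newChallenge(); // a challenge relayed to the user by a look-alike site
  return {
    genuine: bank.verifyLogin(c1, sig),   // true
    replayed: bank.verifyLogin(c1, sig),  // false: challenge already used
    lookAlike: bank.verifyLogin(c2, token.signIn('https://bank-login.example', c2, true)), // false
  };
}
```

The server stores only the public key, so a breach of its credential database or a stolen password yields nothing that can produce a valid signature.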
Beyond hardware tokens, banks are rolling out additional anti-fraud measures, such as in-app notifications to verify the authenticity of bank calls, 12-hour “cool-off” periods for risky actions like adding new payees, and enhanced tools such as Money Lock and in-app voice verification.
Authorities and banks emphasise that as scam tactics evolve, security measures must continue to balance strong protection, usability, and consumer confidence.