The shift from SMS to push notifications aims to enhance security in digital banking.
OCBC Bank Pushes for Safer Push Notifications Over SMS Alerts
SINGAPORE — OCBC Bank has announced that it will discontinue the use of SMS alerts as its default communication method for banking activities. The bank will now rely on push notifications and e-mails to notify customers about transactions, payments, and fund transfers. The decision is part of a broader move to enhance security, as experts warn that SMS messages are vulnerable to spoofing and hacking.
Vivek Gullapalli, Chief Information Security Officer for Asia Pacific at Check Point Software Technologies, explained that SMS messages travel through the telecommunications network and are susceptible to spoofing, where attackers disguise themselves as the bank to deceive customers. This vulnerability has led to a rise in scams that exploit SMS messages.
Push notifications, however, are delivered through a secure banking app, ensuring that the entire process is enclosed and controlled, offering an additional layer of protection against cyber threats. E-mails, while still at risk for phishing attacks, are considered a secondary measure for communication when a customer’s device may be compromised.
Kelvin Lim, Director of Security Engineering at Synopsys Software Integrity Group, noted that SMS technology, which is over 30 years old, lacks modern encryption and is inherently insecure. Push notifications, on the other hand, are encrypted and harder for hackers to intercept.
The transition to push notifications is also expected to help banks reduce costs, although the move is primarily motivated by the need to improve security. Both OCBC and other banks like DBS and UOB are increasing their investment in secure communication channels as cybersecurity becomes more critical in the age of digital banking.
A Shared Responsibility Framework proposed by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) aims to improve accountability for financial institutions and telecommunications companies in ensuring secure communications. This framework holds these entities liable for lapses that compromise customer security, highlighting the growing importance of digital security in banking.
The shift towards secure push notifications and e-mails represents an essential step in protecting consumers in an increasingly connected world.
