Standard Chartered Bank Singapore earlier this month unveiled the country’s first interactive payment card that offers enhanced security. The Security Token Card is the same size (0.1cm) and weight as a standard credit card.
The Security Token Card comes with an embedded high-contrast LCD display and touch-sensitive buttons. The buttons and LCD display allows for the generation of a One-Time Password (OTP) to use as a second factor when doing online banking.
The Security Token is slated to replace existing two-factor authentication methods such as text message OTP and physical tokens by January 2013. On that front, the technology will make its way into credit cards, debit cards, and ATM cards issued by Standard Chartered Bank Singapore.
The bank says that the Security Token Card’s use will be mandatory for adding third-party payees, transferring funds, or making payments for amounts beyond a predefined threshold, as well as for updating personal particulars including mailing address, contact number, and email address.
The Security Token Card incorporates technology by NagraID Security; you can read detailed technical specifications in this PDF. There is no mention of how long its internal power source can last, though NagraID Security offers up to three years of warranty.
The Monetary Authority of Singapore (MAS) has mandated the use of two-factor authentication for use locally since 2006, and several years ago, extended this mandate to local online credit card purchases.
Many people in Singapore rely on more than one banking institution and have to carry around multiple security tokens. The Security Token Card greatly reduces this hassle by compressing it into the size of a credit card.
What this means for SMEs and IT
Internet banking has gained a mainstream presence in businesses due to its sheer convenience. This increased efficiency can make a world of difference for small and mid-sized enterprises (SME), of which there are 165,000 registered in Singapore. On the flip side, smaller businesses also run a higher risk of being ruined from a single instance of financial fraud compared to larger businesses.
Based on reports of online financial fraud that surfaces from time to time, it is evident that the use of two-factor authentication is yet to be deployed by every financial institution. Therefore, IT departments should be concerned with protecting end-point devices such as PCs and laptops against malware, but also that the finance department is conducting online financial transaction with financial institutions that offer two-factor authentication and sensible security measures that take full advantage of it.
Also read on TechRepublic: How Singapore’s DBS Bank implements two-factor authentication.