Protecting customer accounts, both consumer and business, is a top priority for financial institutions everywhere, especially in light of the growing security risks with online and mobile banking. The global nature of today’s financial world has also led many banks to offer international banking services to multinational corporations and consumers, which has complicated their ability to provide security. As a result, many financial institutions, and even governments, are looking past yesterday’s security approaches and assessing new and stronger alternatives, such as transaction signing.
Governments and regulatory bodies are embracing secure digital transaction signing by setting industry standards and enacting regulatory requirements aimed at engineering a more secure digital environment for their citizens. One of the strictest and most prescriptive set of standards in effect is the Monetary Authority in Singapore (MAS) Technology Risk Management Guidelines, which states that financial institutions should implement two-factor authentication at login for all types of online financial systems and transaction signing for authorizing transactions. It also requires that banking customers be able to review individual transactions as part of a batch and sign them on an out-of-band device. The guidance also suggests that a one-time-password (OTP) or digital signature be generated for each new payee being added and that the data being signed should be displayed to the customer in a meaningful way before being signed. Singapore is not the only territory implementing requirements. Others include South Korea and Taiwan.