Sigh. DBS need not become a bank/company that one would want to hate like Microsoft. DBS marketing is taking more than a few pages (looks like a whole chapter) on how to annoy and break the compact between a buyer and a seller.
In DBS’ relentless pursuit to listen to the boss, they took a path of irrational waste of money by introducing a token based two factor authentication. Interestingly, they only rolled it out to stupid DBS customers (I fall into that) and left the smarter POSB alone. But it looks like the POSB customers are now suspect and today, I (albeit my wife) received a token to access POSB internet banking accounts. Sigh, sigh.
Just look at what the third largest bank in Singapore OCBC has done:
12/08/2006 07:19 PM Please respond to
To OCBC customers
Subject OCBC 2-Factor Authetication (2FA) : Invitation to a More Secure Online Banking Experience
Dear Internet Banking user,
We are pleased to invite you to come on board today and experience greater peace of mind when you bank online with 2-Factor Authentication (2FA) – the latest security measure from OCBC that provides effective protection against Internet threats such as identity theft and phishing.
As a 2FA user, you will be prompted to enter a One Time Password (OTP) as a 2nd level of authentication whenever you initiate login to Internet or Mobile Banking. OTPs are obtained via 2FA Tokens, which depending on your choice, may involve a physical hardware device or your mobile phone.
Login to Internet and Mobile banking with the following steps:
* Step 1 – Enter your Access Code and PIN
* Step 2 – Enter an OTP, generated by your preferred 2FA token, to complete the login process
Choose from 3 simple 2FA solutions to suit your lifestyle
We understand that additional levels of security should not come with additional levels of complexity or inconvenience. We have gone the extra mile to offer 3 easy ways- via 2FA tokens- to generate your OTP. Pick the token that suits your lifestyle best!
A key chained-sized device that generates your OTP. Generate your OTP from a simple software that is installed into your mobile phone. Your OTP is sent via SMS when you initiate the login process to Internet or Mobile Banking.
For full details on your 2FA choices, visit http://www.ocbc.com/2FA now!
Copyright 2006 – OCBC Bank | All Rights Reserved. Co. Reg. No.: 193200032W
DBS continues to be defiant, cocky and indifferent to customer (that would be me) requests. Perhaps I should do a public demo of how trivial it is to hijack/fake a two-factor authentication scheme – to highlight the folly of having to have this method in the first place. Urrgh!