Don’t get scammed!
Protect your online securities trading accounts from hackers with two-factor authentication and rest easy when trading online.
BY: Leona Lo
Online securities trading is rapidly gaining popularity among seniors in Singapore. According to the Securities Association of Singapore (SAS), about 50 percent of securities traders here execute their trades online. A small but growing number of online securities traders are seniors aged 50 and above. In the past, calling one’s broker to place a trade was the norm. Today, seniors and retirees can be seen bonding over computer terminals at various securities trading firms in Singapore. However, with the increasing popularity of online securities trading comes the threat of online fraud and identity theft.
Chai Chin Loon, chief operating officer of Assurity Trusted Solutions (Assurity), which is a subsidiary of IDA, said, “Online securities fraud is a rising trend globally. Hackers continue to seek new and advanced ways to steal from financial institutions, with banks and securities trading firms being prime targets.”
In a typical online securities fraud scenario, hackers steal your user name and password to access your online trading accounts directly. The hackers will use your account to make illogical buy and sell trades. They will then use a separate account to benefit from these trades. Although there have been no reports of online securities trading accounts being compromised in Singapore, industry experts say this is just a matter of time, given the increasing prevalence of online banking fraud.
“Fortunately, there are freely available tools to help us counter cyber security threats. Adopting good cyber hygiene practices such as changing one’s passwords regularly and using complex passwords, and activating two-factor authentication (2FA) wherever possible will help reduce the risk of online fraud and identity theft,” said Chin Loon.
There are three methods of authenticating an individual’s identity, namely, “What we know”, such as a password or other common information like our mother’s maiden name; “What we have”, such as a security token or mobile phone; and “What we are”, such as a biometric like a fingerprint. 2FA is a combination of two of the above methods. Today, all banks require their customers to be authenticated by 2FA in the form of a One-Time Password (OTP) generated by a security device or sent via SMS.
Chin Loon said, “There is a growing awareness among service providers and end-users that passwords alone are not enough. Both personal computers and smartphones are vulnerable to malware that can sniff out usernames and passwords. This has led financial institutions such as banks, securities trading firms and insurance companies to implement 2FA for online transactions such as banking, trading and accessing personal insurance records.”
Grace Ng, 57, an ambassador for the Infocomm Development Authority of Singapore’s (IDA) Silver IT Care initiative, feels that 2FA offers “an additional layer of security”. She said, “I have a keypad token and a smartcard token that I use for online banking. I feel safer knowing that there are safeguards for my online transactions. I also enjoy the flexibility of accessing my accounts with SMS OTP when I am not at home and I do not have the 2FA devices with me.”
In November 2012, seven securities trading firms in Singapore joined the nationwide 2FA system and offered the OneKey 2FA device to their customers. Since then, about 15 percent of their combined customer base have adopted OneKey.
Ng Boon Leong, 60, who is retired and who trades online daily feels that 2FA is an “inconvenient” extra step. He said, “2FA is not necessary as the password is enough to protect my online trading accounts”.
Chin Loon added, “Among some securities traders, there is a misconception that since there are no reported cases of online securities fraud, they are safe from hacking. As a result, they are reluctant to activate 2FA, which they perceive as inconvenient and time-consuming. Against the backdrop of increasingly sophisticated cyber attacks, such apathy can result in financial and reputational loss.”
Making 2FA convenient & hassle-free
Securities traders value the speed and convenience of trading online. One of their main concerns about activating 2FA is that it adds an extra step to their log-in process. To mitigate these concerns while enhancing their customers’ online security, CIMB Securities recently launched their new online trading platform, which does away with the traditional login password. Instead, end-users key in a OTP generated by their OneKey device. In the past, they had to key in their login password each time they wanted to execute a trade. Now, they need only log in once with an OTP and execute as many trades as they wish before logging out.
Chin Loon said, “This example shows how activating 2FA can be hassle-free for end-users while enhancing their online security. One’s username and password is still an important first line of defence against identity theft and online fraud. 2FA adds an additional layer of security. We encourage end users to activate 2FA wherever possible, not just for their online financial accounts, but also for their social networking accounts.”
Randy Sng, 59, a professional in the IT industry who is also an ambassador for IDA’s Silver Care initiative, said, “Among my friends, there are some who fear going online because they feel it is unsafe. I assure them that 2FA makes it safer for them to conduct their transactions online because it adds another level of security over and above their password. We need to conduct more awareness programmes to help seniors overcome their fear of going online.”
Leona Lo is the PR manager for Assurity Trusted Solutions, which in 2011 launched the OneKey 2FA device to strengthen the security of online transactions in Singapore, and to create convenience for end-users who do not wish to carry multiple security tokens for different service providers (such as banks, insurance companies and securities trading firms). OneKey has three security functions, namely, OTP, challenge response and transaction signing.
** Assurity is sponsoring five cyber security gift packs (includes a pair of movie tickets, a luggage tag and an umbrella) to Ageless Online readers who can answer this question: Which of the following is an example of 2FA?
a. One-Time Password
b. Challenge Response
c. Transaction Signing
d. All of the above
E-mail the correct answer to: firstname.lastname@example.org by February 6. Winners will be notified with the collection details at the OneKey Customer Care Centre at Tanjong Pagar or they may arrange for the packs to be mailed to them. The judges’ decision is final.