Recent scams wake us up to dangers....and issues of governance
#1

If nothing happened, these are just security loopholes waiting to be exploited. 

One thing good when it happens is that it wakes us up to think and do more to protect the ordinary people from frauds and scams. The whole system is like a sitting duck ...and even a well-known weakness like SMS, nobody bothered to fix because nothing happened until this event.

The fact that Singapore and not other countries were targeted ...tells us something. This something we ignore at our own peril.

What we know from this incident is somehow Singapore has thought of itself to be so capable and smart, complacency has set in.

When you check the security guidelines for banks in other countries, they explicitly forbid SMS to be used in MFA. They already know SMS, invented in the 90s, is unencrypted, can be spoofed and redirected. I don't think our authorities don't know this but they were complacent and thought nothing would happen. So it is not a lack of knowledge.

All this also tells me, as an ordinary citizen, that we cannot take good governance for granted just because we pay top dollar for people in govt.

For me this is a long line of disappointments where the people who were supposed to protect us had other considerations and traded away the financial safety of the citizens. CLOB is one example where the govt insisted on operating a secondary market not recognised by Malaysia. S-Chips another. Lehman Minibonds, which were stopped by many countries, were allowed to be sold in Singapore.

For me, I find it difficult to trust people in authority and the govt enough for them to run the show without proper checks and balances ...and them being able to keep information from us.

We have to change.

I, being poor, have only my dreams; I have spread my dreams under your feet; Tread softly because you tread on my dreams.
#2

(18-01-2022, 09:36 AM)sgbuffett Wrote:  If nothing happened, these are just security loopholes waiting to be exploited. 

One thing good when it happens is that it wakes us up to think and do more to protect the ordinary people from frauds and scams. The whole system is like a sitting duck ...and even a well-known weakness like SMS, nobody bothered to fix because nothing happened until this event.

The fact that Singapore and not other countries were targeted ...tells us something. This something we ignore at our own peril.

What we know from this incident is somehow Singapore has thought of itself to be so capable and smart, complacency has set in.

When you check the security guidelines for banks in other countries, they explicitly forbid SMS to be used in MFA. They already know SMS, invented in the 90s, is unencrypted, can be spoofed and redirected. I don't think our authorities don't know this but they were complacent and thought nothing would happen. So it is not a lack of knowledge.

All this also tells me, as an ordinary citizen, that we cannot take good governance for granted just because we pay top dollar for people in govt.

For me this is a long line of disappointments where the people who were supposed to protect us had other considerations and traded away the financial safety of the citizens. CLOB is one example where the govt insisted on operating a secondary market not recognised by Malaysia. S-Chips another. Lehman Minibonds, which were stopped by many countries, were allowed to be sold in Singapore.

For me, I find it difficult to trust people in authority and the govt enough for them to run the show without proper checks and balances ...and them being able to keep information from us.

We have to change.

Well said, there is much truth in what you said. I am really impressed.....
#3

(18-01-2022, 09:36 AM)sgbuffett Wrote:  For me, I find it difficult to trust people in authority and the govt enough for them to run the show without proper checks and balances ...and them being able to keep information from us.

We have to change.

Why are they paid millions and millions then???

Something is not right.

Laughing
#4

(18-01-2022, 09:59 AM)Gstalk Wrote:  Why are they paid millions and millions then???

Something is not right.

They (the ministers) argue that they are paid the market price. They take the salaries/remunerations of the 1,000 best-paying jobs and do an average income per annum....that is how they derived their million-dollar salaries/remunerations......
#5

I think we have to be clear that SMS is NOT the problem. SMS is just like your email, anybody can send you any link. And the link can lead you to a phishing website.

The weakness is in only relying on SMS. Any transaction should not just rely on password. If it does, then anyone who got hold of your password has your money. That is why there is such a thing called MFA, which is really multi-factor authentication. For a transaction to go through, the bank will have to send you a confirmation message (e.g. OTP) which you have to authorize. Knowing just the password is useless.

So perhaps only OCBC has this particular loophole in not authenticating the user in a transaction.
#6

(18-01-2022, 10:35 AM)Blasterlord2 Wrote:  I think we have to be clear that SMS is NOT the problem. SMS is just like your email, anybody can send you any link. And the link can lead you to a phishing website.

The weakness is in only relying on SMS. Any transaction should not just rely on password. If it does, then anyone who got hold of your password has your money. That is why there is such a thing called MFA, which is really multi-factor authentication. For a transaction to go through, the bank will have to send you a confirmation message (e.g. OTP) which you have to authorize. Knowing just the password is useless.

So perhaps only OCBC has this particular loophole in not authenticating the user in a transaction.

As a big bank, why does OCBC have this loophole of not authenticating the user in a transaction....?
#7

(18-01-2022, 09:36 AM)sgbuffett Wrote:  If nothing happened, these are just security loopholes waiting to be exploited. 

One thing good when it happens is that it wakes us up to think and do more to protect the ordinary people from frauds and scams. The whole system is like a sitting duck ...and even a well-known weakness like SMS, nobody bothered to fix because nothing happened until this event.

The fact that Singapore and not other countries were targeted ...tells us something. This something we ignore at our own peril.

What we know from this incident is somehow Singapore has thought of itself to be so capable and smart, complacency has set in.

When you check the security guidelines for banks in other countries, they explicitly forbid SMS to be used in MFA. They already know SMS, invented in the 90s, is unencrypted, can be spoofed and redirected. I don't think our authorities don't know this but they were complacent and thought nothing would happen. So it is not a lack of knowledge.

All this also tells me, as an ordinary citizen, that we cannot take good governance for granted just because we pay top dollar for people in govt.

For me this is a long line of disappointments where the people who were supposed to protect us had other considerations and traded away the financial safety of the citizens. CLOB is one example where the govt insisted on operating a secondary market not recognised by Malaysia. S-Chips another. Lehman Minibonds, which were stopped by many countries, were allowed to be sold in Singapore.

For me, I find it difficult to trust people in authority and the govt enough for them to run the show without proper checks and balances ...and them being able to keep information from us.

We have to change.

Yes, SMS can be hijacked and that's why all banks are moving to a digital token (using our phone) approach. But why do local banks still allow SMS OTP? Because there will always be a group of users who distrust banking apps and would rather use a proven technology.

Before we start bashing the banks, how many of us here are using the digital token approach instead of OTP? For me, yes, prior to this saga, I was too lazy to go and register for a digital token and continued to rely on SMS OTP; since something is still working, why fix it. After this saga, I will be using the digital token as my main authentication. Will it solve the scam problem? I don't know, but that seems to be the industry standard now (SC is using that approach as well).

One thing that all banks need to work on urgently is the time taken to reach a human staff member when there is an urgent need (like stopping a scam transaction). Businesses have been too complacent in handling the 99% of non-urgent user calls, until they have forgotten that there is that 1% genuine need, and this time, it blew right into OCBC's face.

As for this statement "CLOB is one example where the govt insisted on operating a secondary market not recognised by Malaysia", do you guys seriously think that we can operate a secondary market without the consent of Malaysia? The statement is half right, because Malaysia unilaterally declared CLOB to be illegal (after it had been in place for 8-10 years), and chong kong the hard-earned money from the investors. Why didn't the Singapore govt hit back and chong kong some assets from Malaysia?? I guess back then Woodie Goh was too chicken to do that.

1. I have served the nation in a combat unit for 2.5 + 10 years. I had fulfilled my duty as a citizen, but has the country done its part for me?
2. I don't know where the threat of CCP is, but I know the threat of CECA is already at my doorstep
3. I had been called a CCP, JHK, Pinoy, but they never called me a CECA..
#8

(18-01-2022, 09:36 AM)sgbuffett Wrote:  If nothing happened, these are just security loopholes waiting to be exploited. 

One thing good when it happens is that it wakes us up to think and do more to protect the ordinary people from frauds and scams. The whole system is like a sitting duck ...and even a well-known weakness like SMS, nobody bothered to fix because nothing happened until this event.

The fact that Singapore and not other countries were targeted ...tells us something. This something we ignore at our own peril.

What we know from this incident is somehow Singapore has thought of itself to be so capable and smart, complacency has set in.

When you check the security guidelines for banks in other countries, they explicitly forbid SMS to be used in MFA. They already know SMS, invented in the 90s, is unencrypted, can be spoofed and redirected. I don't think our authorities don't know this but they were complacent and thought nothing would happen. So it is not a lack of knowledge.

All this also tells me, as an ordinary citizen, that we cannot take good governance for granted just because we pay top dollar for people in govt.

For me this is a long line of disappointments where the people who were supposed to protect us had other considerations and traded away the financial safety of the citizens. CLOB is one example where the govt insisted on operating a secondary market not recognised by Malaysia. S-Chips another. Lehman Minibonds, which were stopped by many countries, were allowed to be sold in Singapore.

For me, I find it difficult to trust people in authority and the govt enough for them to run the show without proper checks and balances ...and them being able to keep information from us.

We have to change.

ong y k just say ownself check ownself is a virtue
the most laughable comments from a minister.

then why we need auditors, 3rd party views?
#9

(18-01-2022, 09:36 AM)sgbuffett Wrote:  If nothing happened, these are just security loopholes waiting to be exploited. 

One thing good when it happens is that it wakes us up to think and do more to protect the ordinary people from frauds and scams. The whole system is like a sitting duck ...and even a well-known weakness like SMS, nobody bothered to fix because nothing happened until this event.

The fact that Singapore and not other countries were targeted ...tells us something. This something we ignore at our own peril.

What we know from this incident is somehow Singapore has thought of itself to be so capable and smart, complacency has set in.

When you check the security guidelines for banks in other countries, they explicitly forbid SMS to be used in MFA. They already know SMS, invented in the 90s, is unencrypted, can be spoofed and redirected. I don't think our authorities don't know this but they were complacent and thought nothing would happen. So it is not a lack of knowledge.

All this also tells me, as an ordinary citizen, that we cannot take good governance for granted just because we pay top dollar for people in govt.

For me this is a long line of disappointments where the people who were supposed to protect us had other considerations and traded away the financial safety of the citizens. CLOB is one example where the govt insisted on operating a secondary market not recognised by Malaysia. S-Chips another. Lehman Minibonds, which were stopped by many countries, were allowed to be sold in Singapore.

For me, I find it difficult to trust people in authority and the govt enough for them to run the show without proper checks and balances ...and them being able to keep information from us.

We have to change.

They are always reactive rather than proactive, this PAP govt. They don't serve the people; they serve where the money is.