More securities firms join Singapore's 2FA platform

update Five more trading firms including AmFraser Securities and UOB Kay Hian to offer two-factor authentication token to better safeguard online transactions, but user convenience issues need to be ironed out.
Written by Ellyne Phneah, Contributor

update SINGAPORE--Five trading firms--AmFraser Securities, CIMB Securities, DMG & Partners Securities, Lim & Tan Securities and UOB Kay Hian--have come onboard the national two-factor authentication (2FA) framework to protect their customers' online transactions.

The five companies join two existing service providers, Maybank Kim Eng Securities and Phillip Securities, to offer their customers  the OneKey physical token--which is part of the national authentication framework (NAF)--to enhance the security of their online investments. Each service provider will activate 2FA for its online services according to the company's own schedule.

Online securities trading is becoming more common as more investors now are IT-savvy and familiar with online trading, said Melinda Sam, CEO of the Securities Association of Singapore (SAS), who was speaking at a roadshow here Monday to announce the new service providers.

She added that more than 50 percent of investors today trade online because of the convenience, compared to less than 10 percent a decade ago. "However, with the convenience comes risk [and] we encourage investors to adopt 2FA for the additional peace of mind in their trading," Sam said.

Currently, securities investors only need key in their usernames and passwords, also known as first-factor authentication (1FA), to trade online, noted Chai Chin Loon, COO of Assurity Trusted Solutions, the subsidiary of the Infocomm Development Authority of Singapore (IDA) set up to oversee operations of the NAF.

The executive told ZDNet Asia at the roadshow sidelines on Monday that with 1FA, online investors are more vulnerable to cyberattacks such as Trojans "sneaking" into users' computers and stealing their passwords.

With 2FA, however, a user will have to provide a one-time password received via a physical token or designated mobile handset in addition to his regular password to access his account or initiate a transaction, the COO said.

Hence, 2FA transactions based on one-time passwords (OTP) will be "significantly more secure" as it provides an additional layer of protection to counter cyberattacks, Chai surmised.

Assurity's 2FA token, OneKey, also comes equipped with a third authentication factor, transaction signing, but it is up to organizations to decide if they want to implement the function, he noted. For instance, the feature could be activated for bigger online trading deals that amount to millions of dollars, he added.

Tackling user inconvenience issues
Trading firms had been the first customers to sign up with Assurity, Chai noted, but added the company is currently working with other industry sectors such as banks to bring more of them on board in the next two years.

For existing customers Phillip Securities and MayBank Kim Eng, which signed up earlier in December, they are now undergoing "extensive testing" with the platform and the OneKey token, he added.

Kenice Tay, marketing communications head of Phillip Securities, for one, told ZDNet Asia that the company had started testing the system with its mobile remisier team, which comprise of trading representatives who execute and provide advice for customers from outside the office, since mid-March. The team was chosen because of its smaller size, she noted.

"It is not possible to launch the system with our entire company immediately, as there might be potential risks the company are not aware of," she said. "This is why we are testing it on a small bunch [of employees] first so that we can acquire feedback from them."

Tay added that it's still too early to obtain the team's feedback, although she pointed out that customers' convenience is of "primary importance" and Assurity's double or triple authentication process may slow down the process of trading. Trading is a time-sensitive activity, and the company hopes to iron these issues out for their customers before it goes live in the latter half of this year, she explained.

MayBank Kim Eng and UOB Kay Hian could not respond to ZDNet Asia's queries at the time this article was published.

Editorial standards