3 November 2012
The Straits Times reported that Standard and Chartered Bank has introduced an
innovative ATM card that doubles as a security token (ST 3 November 2012).
This report remind me of the messy arrangements that now exist in Singapore
to authenticate a person for online transactions.
I now carry three separate tokens issued by the same bank for my personal bank account and
for the bank accounts of two corporate entities that I am responsible for. The banks also require me
to authenticate payments by my credit card using my mobile phone.
Soon, there will be the need for government agencies to authenticate their online transactions
as well. Will this mean more security tokens?
It must be quite costly and wasteful for each organization or agency to issue its security token and to set up
the infrastructure to authenticate them. The high cost will ultimately have to be born by the public and
It is now the right time for Singapore to set up a national framework to authenticate a person. This framework should allow several authentication service providers to be licensed and for consumers to choose their preferred provider. This will also reduce the concentration of risks in one provider serving the entire population.
Under this framework, some banks may be interested to offer the authentication service to other commercial users for a fee. This will help them to earn fees to recoup the heavy cost of their investment, and provide a useful service to their own customers as well. It will also ensure the rapid adoption of the online authentication in Singapore.
I hope that the Infocomm Development Authority of Singapore will take the lead in this effort.
Tan Kin Lian