BOC, DBS and OC required hardware token when adding payee. For other banks, consider moneyLock
— SCB is more streamlined.
In most cases,
- the user needs nothing beside username/password to log in on a computer
- when she initiates a transfer, her phone would show a pop-up button,
even if she doesn’t enter any password on the phone - when she hits the pop-up Approve button. For small amounts, the transfer takes place without further checks.
- ^^ in summary, the imposter needs nothing but your username/password + your physical phone to transfer
However, to add payee, there’s an additional, 3rd layer of protection — the phone app would ask for a 6-digit pin.
In view of the streamlined procedure at SCB, here are a few safety habits
- good habit: change the password to something less “common”
- good habit: limit on third-party transfer: reduce to $1 in normal times. Temporary increase when needed.
- good habit: remove unused payees. Add them again when needed