Frequently Asked Questions
2FA Risk Awareness
What is Two-Factor Authentication (2FA)?
2FA (also known as two-factor authentication) is the verification of a user’s online identity using two distinct factors.
The current practice used by financial institutions in Singapore is to have customers go through a 2-factor authentication process – (1) a Personal Identification Number (PIN), which is issued by the financial institution and (2) a One-Time Password (OTP), which is generated by a hardware token device or software token application, or sent via a Short Message Service (SMS) to the client. This is also the same practice adopted by Phillip Securities. When a Phillip Securities client who has elected to participate in 2FA wishes to access an online service by Phillip Securities, the client is required to enter the PIN and the OTP for authentication.
What is the purpose of 2FA?
The key objectives of 2FA are to protect the customer’s online trading account and information from unauthorized access, and enhance the overall security of online trading systems.
Here at Phillip Securities, we take a proactive role in protecting our customers. We have risk-mitigating measures in place to protect your online trading account and information from unauthorized access. To find out more, please do not hesitate to contact us.
Is 2FA compulsory for trading through POEMS?
While it is not compulsory, customers are strongly encouraged to use 2FA when trading online via POEMS. Customers that choose to use 2FA for login will be required to provide both PIN and OTP to access our online trading services. Customers should exercise due care to safeguard their PIN and OTP, and not disclose them to other parties.
For users of hardware tokens, any loss or theft of the token should be reported to Phillip Securities or the OTP provider immediately. The lost/stolen token will be disabled and the user will not be able to access his online trading account until such time when he completes the de-registration process and a new token is received. There may be a fee for the token. Please contact Phillip Securities for more details.
For more details, please do not hesitate to contact us.
What if I choose not to use 2FA for trading through Phillip Securities?
In general, single-factor password authentication is more susceptible to password-based attacks and malware that could result in the compromise and hijacking of online trading accounts by unauthorized parties. This could in turn lead to unauthorized disclosure of your personal and trading information that may be available on the online trading account, or the carrying out of fraudulent trades through your online trading account. Choosing not to use 2FA for the online trading account would increase your exposure to these risks.
How can I protect myself if I choose not to use 2FA when trading on POEMS?
You should observe the following practices to secure the confidentiality and integrity of your password and PIN (for funds transfer), security tokens, personal details and other confidential data as far as possible. These will help to prevent unauthorised transactions and fraudulent use of your accounts and make sure that no one else would be able to observe or steal your access credentials or other security information to impersonate them or obtain unauthorised access to your online accounts:You should: (a) Take the following precautions to secure your PIN and password (“credentials”);
- Credentials should be at least 8 characters of alphanumeric mix;
- Credentials should not be based on guessable information such as user-id, personal telephone number, birthday or other personal information;
- Credentials should be kept confidential and not be divulged to anyone;
- Credentials should be memorised and not be recorded anywhere;
- Credentials should be changed regularly or when there is any suspicion that it has been compromised or impaired; and
- The same PIN should not be used for different websites, applications or services, particularly when they related to different entities,