The next phase has started
The Monetary Authority of Singapore, working with the Association of Banks in Singapore, has moved into the next stage of its multi-phase rollout to replace SMS one-time passwords with digital tokens. Having already phased out SMS OTP for account login in the third quarter of 2025, the current phase — running through the end of Q1 2026 — extends the same phase-out to transaction authorisation for customers who have activated a digital token.
In practical terms: if you have a digital token active on your banking app, SMS OTP is no longer available as a fallback for authorising transactions, not just logging in. Digital token adoption is already reported at 60–90% among DBS, OCBC, and UOB customers, so this phase affects the majority of active banking customers rather than a small minority.
Why this phase is different from the login phase-out
Login authentication and transaction authorisation are different risk categories. Logging in tells the bank who you are. Authorising a transaction — a funds transfer, a limit change, or a request processed during a phone call — is a higher-stakes action, and MAS's guidance treats it accordingly.
For phone banking specifically, this matters because many IVR and agent-assisted flows have historically leaned on SMS OTP as the fallback authentication step when a customer doesn't have the banking app open. As SMS OTP is withdrawn for transaction-level actions, banks are pushing customers who call in toward app-based confirmation instead — a push notification to approve or decline the request from within the banking app.
What this means if you're calling about an annual fee waiver
A fee waiver request processed over the phone is, technically, a transaction authorisation — you're asking the bank to modify what's charged to your account. If your digital token is active, expect the agent to verify your identity either by an app-based push confirmation, or in some flows, no live verification is required at all if you're calling from your registered mobile number and answering standard security questions.
What doesn't change: the retention pathway itself, the TRV-based approval logic, and the ability to reach a live agent by phone. This phase-out affects how you're authenticated, not whether phone-based waiver requests remain available.
What does change: if your phone is not on hand with the banking app installed and your token activated, some banks may not be able to complete the authentication step over a call alone. Before calling in about a fee waiver, it's worth confirming your digital token is active and your app is up to date.
Full phase-out expected by Q2 2026
Under the current MAS/ABS timeline, all major Singapore banks are expected to fully phase out SMS-based two-factor authentication by the second quarter of 2026. Cardholders who have not yet activated a digital token should expect prompts from their bank to do so over the coming months — this is not optional for customers who want uninterrupted phone banking access.
The clawbacks.ai approach
Our AI voice agent is built to handle whatever authentication a bank's IVR requires at the time of the call — including app-based push confirmations and OTP flows sent to your registered mobile number. You don't need to manage the authentication step yourself; we register your details once and the agent adapts to what each bank asks for.