2 Factor Authentication (2FA) Risk Awareness Statement
General
2FA (also known as two-factor authentication) is the verification of a user’s online identity using two distinct factors.
The current practice used by financial institutions in Singapore is to require clients to go through a 2-factor authentication process –
(1) a Personal Identification Number (PIN), which is issued by the financial institution and
(2) a One-Time Password (OTP), which is generated by a hardware token device or software token application, or sent via a Short Message Service (SMS) to the client.
This is also the same practice adopted by Phillip Nova. When a Phillip Nova client who has elected to participate in 2FA wishes to access an online service by Phillip Nova, the client is required to enter the PIN and the OTP for authentication.
The key objectives of 2FA are to protect the client’s online trading account and information from unauthorised access, and enhance the overall security of online trading systems.
At Phillip Nova we take a proactive role in protecting our clients. We have risk mitigating measures in place to protect your online trading account and information from unauthorised access. Please contact Phillip Nova for more details.
In our ongoing commitment to protect your account, Two-Factor Authentication (2FA) will soon become mandatory across all Phillip Nova systems, including the Client Portal and all trading platforms.
2FA is not compulsory for trading through Phillip Nova.
Nonetheless, clients are encouraged to use 2FA on their online trading accounts. Clients that elect to use 2FA for login will be required to provide both PIN and OTP to access the online trading services. Clients should exercise due care to safeguard their PIN and OTP, and not disclose them to other parties.
For users of hardware tokens, any loss or theft of the token shall be reported to Phillip Nova or the OTP provider immediately. The lost/stolen token will be disabled and the user will not be able to access his online trading account until such time when he completes the de-registration process and a new token is received. There may be a fee for the token. Please contact Phillip Nova for more details.
In our ongoing commitment to protect your account, Two-Factor Authentication (2FA) will soon become mandatory across all Phillip Nova systems, including the Client Portal and all trading platforms.
In general, single-factor password authentication is more susceptible to password-based attacks and malware that could result in the compromise and hijacking of online trading accounts by unauthorized parties. This could in turn lead to unauthorized disclosure of your personal and trading information that may be available on the online trading account, or the carrying out of fraudulent trades through your online trading account. Choosing not to use 2FA for the online trading account would increase your exposure to these risks.
In our ongoing commitment to protect your account, Two-Factor Authentication (2FA) will soon become mandatory across all Phillip Nova systems, including the Client Portal and all trading platforms.
You should observe the following practices to secure the confidentiality and integrity of your password and PIN (for funds transfer), security tokens, personal details and other confidential data as far as possible. These will help to prevent unauthorised transactions and fraudulent use of your accounts and make sure that no one else would be able to observe or steal your access credentials or other security information to impersonate them or obtain unauthorised access to your online accounts:
You should:
(a) Take the following precautions regarding your PIN and password (“credentials”);
- Credentials should be at least 8 characters of alphanumeric mix;
- Credentials should not be based on guessable information such as user-id, personal telephone number, birthday or other personal information;
- Credentials should be kept confidential and not be divulged to anyone;
- Credentials should be memorised and not be recorded anywhere;
- Credentials should be changed regularly or when there is any suspicion that it has been compromised or impaired; and
- The same PIN should not be used for different websites, applications or services, particularly when they related to different entities
(b) Not select the browser option for storing or retaining user name and password;
(c) Check the authenticity of our website by comparing the URL and our name in its digital certificate or by observing the indicators provided by an extended validation certificate;
(d) Check that the website address changes from ‘http://’ to ‘https://’ and a security icon that looks like a lock or key appears when authentication and encryption is expected;
(e) Check your account information, balance and transactions frequently and report any discrepancies;
(f) Install anti-virus, anti-spyware and firewall software in your personal computers and mobile devices;
(g) Update operation system, virus and firewall products with security patches or newer versions on a regular basis;
(h) Remove file and printer sharing in computers, especially when they are connected to the internet;
(i) Make regular backup of critical data;
(j) Consider the use of encryption technology to protect highly sensitive or confidential information; (k) Log off each and every online session;
(l) Clear browser cache after each and every online session; (m) Not install software or run programs of unknown origin;
(n) Delete junk or chain emails;
(o) Not open email attachments from strangers;
(p) Not disclose personal, financial or credit card information to little-known or suspicious websites;
(q) Not use a computer or a device which cannot be trusted; and
(r) Not use public or internet café computers to access online services or perform financial transactions.
In our ongoing commitment to protect your account, Two-Factor Authentication (2FA) will soon become mandatory across all Phillip Nova systems, including the Client Portal and all trading platforms.
2FA is available on both the Phillip Nova and Phillip MetaTrader 5 (MT5) platforms. For MetaTrader 5, the 2FA is an inbuilt feature of the platform, so users of MT5 will not be able to opt out of 2FA.
Client Portal
2FA will be enabled by default on the Client Portal starting 2 August 2025. There is no setting up required.
Upon logging in, a One-Time Password (OTP) will be sent to you via your chosen verification method — either email or SMS. You’ll need to enter this OTP to complete the login process.
Please always ensure that your email address and mobile number are up to date in your account records. This will help prevent any issues when receiving your OTP.
If you did not receive your One-Time Password (OTP), please follow the steps below based on your selected delivery method:
For Email OTP:
Check your Spam, Junk, or Promotions folder.
Ensure your mailbox isn’t full and can receive new emails.
Confirm that you entered the email address registered to your trading account(s).
For SMS OTP:
Ensure your phone has stable network reception.
Check if your phone is set to block unknown or short-code numbers.
If using a dual-SIM device, verify that the correct SIM is active for receiving messages.
Try restarting your device to refresh message reception.
If the issue persists, please contact our support team for assistance:
Client Service Desk | IT Helpdesk |
(65) 6538 0500 | (65) 6597 3241 |
Mon-Fri, 9am-6pm | Mon-Sat, 5am-5am |
If you received a One-Time Password (OTP) without initiating a login or action, please contact us immediately. This may indicate an attempted unauthorised access to your account.
Client Service Desk | IT Helpdesk |
(65) 6538 0500 | (65) 6597 3241 |
Mon-Fri, 9am-6pm | Mon-Sat, 5am-5am |
You can identify a legitimate OTP message by the following:
No clickable links – Our OTP messages are for verification purposes only and do not contain any links.
Sender profile –
Email OTP: Verify <onenovaotp@phillip.com.sg>
- SMS OTP: PhillipNova or VonageAPI
No replies required – Please do not reply to the message, as it is sent from an unmonitored address.
To confirm if the OTP is valid, check whether it was triggered by a recent action you performed — such as logging into the Client Portal.
If you did not initiate any action, do not use the OTP and contact us immediately.
Client Service Desk | IT Helpdesk |
(65) 6538 0500 | (65) 6597 3241 |
Mon-Fri, 9am-6pm | Mon-Sat, 5am-5am |
In some countries, due to local telecom restrictions, OTPs sent via SMS may appear under a different sender name such as “VonageAPI” instead of “PhillipNova. This is a known issue and does not affect the validity of the OTP.
If you are not receiving the OTP or are unsure of its legitimacy:
Check your SMS spam or blocked folders
Consider switching to email OTP as an alternative
Contact our support team if the issue persists
Each OTP is valid for 5 minutes from the time of issue. For security reasons, please enter the OTP promptly after receiving it. If the OTP has expired, simply request a new one to proceed.
Phillip Nova 2.0
Click here for the Phillip Nova 2.0 2FA set up guide.
You may also refer to the video guide below:
CQG
No. 2FA can only be set up on one device at any given time.
Please email Phillip Nova Technical Support at novatech@phillip.com.sg or call (65) 6597 3241 to submit a request to unbind your current 2FA device.
Once unbinding is completed, you may log in to My CQG Portal to set up 2FA on your new device.
No. 2FA is mandatory across all Phillip Nova systems, including the Client Portal and all trading platforms.
No. 2FA for CQG can only be set up using the TOTP authenticator app.
Can't find what you are looking for?
Should you have any query, you may contact us at (65) 6538 0500 or
email us at nova@phillip.com.sg