So, What Are Access Control Servers That Led to Such Massive Outage in DBS?


If you’re a DBS customer, you likely have a few bald patches on your head now, not caused by alopecia but violently pulling out your hair for the last two days.

The bank experiencing its worst outage recently since 2010, when a major systems failure caused consumer and business banking services to crash.

This time, it was the bank’s internet and mobile banking services that customers had problems with.

We’ve already had the obligatory apology, but that isn’t what irate netizens are talking about at the moment.

What Are Access Control Servers?

In a Facebook video, DBS country manager for Singapore Shee Tse Koon explained that faulty access control servers were to blame for the outage.

In response, we nodded our heads and said “Oh, okay”, acting like we knew what the heck that meant, before Googling those three words.

So, what exactly are these mysterious access control servers?

Well, if you Google the term it would seem at first that even Google’s not too sure. But this writer did some digging and came across one definition:

“An ACS (Access Control Server)…, used to support cardholder authentication, is required to be maintained by each card issuer. By providing their username and password, a customer is able to authenticate to the ACS which then signs the result as either a success or a failure.”

In English, this means that the ACS is used to authenticate a user based on their username and password before they are signed in. They also handle other means of authentication, such as biometrics and OTPs.

It’s essentially part of an institution’s security system, and handles the selective restriction of access to a place or resource.

It also handles payment verification, as well as log-in authentication, which is why DBS customers had issues not just with logging in, but also with making payments via the bank’s mobile and internet banking services.

But this doesn’t really explain anything; it would be like telling my boss I missed the deadline for an important project because my plan not to procrastinate had failed.

Could Face Supervisory Action

The Monetary Authority of Singapore (MAS) was not too pleased with the long disruption, warning that it could take “supervisory action” against the bank.

“This is a serious disruption and MAS expects DBS to conduct a thorough investigation to identify the root causes and implement the necessary remedial measures,” it said.


MAS regulations state that the total unscheduled downtime for critical systems affecting services for customers should not exceed four hours within any 12-month period.

Reports of an outage began pouring in at 10am on Tuesday (23 Nov), and even though DBS said the next morning that all services had been restored, some customers still experienced issues.

It was only at 10.35pm yesterday (24 Nov) that DBS said its digital banking services were “returning to normal.”

You can read more about the long outage here.

Read Also:

Featured Image: Tang Yan Song / + TY Lim /