The Monetary Board of Singapore (MAS) and the Association of Banks in Singapore (ABS) disclosed stricter measures that banks and customers must follow to increase the security of digital banking in the country. These measures come at the heels of the recent uptick in SMS-phishing scams targeting bank customers.
MAS Managing Director Ravi Menon expressed the institution’s concern over the string of scams that have led to financial losses for its victims.
“The threat of scams will not go away, but we can reduce our vulnerabilities,” he said. “This requires a multi-pronged response across the ecosystem. MAS, together with the Police, IMDA and other relevant government agencies, is working closely with the financial industry, the telco industry, consumer groups, and other stakeholders to strengthen our collective resilience against scam attacks.”
All financial institutions are required to have strong measures in place to recognise and prevent scams and effective incident handling and customer service should one occur. Online phishing scams have become ubiquitous, bringing about the need to strengthen controls and long-term preventative measures in the coming months.
While the outlined measures below may lengthen the time taken for certain online banking transactions, they will serve as an additional layer of security for customers’ funds:
- Removal of clickable links in emails or SMSes sent to retail customers
- Threshold for funds transfer transaction notifications to customers to be set by default at $100 or lower
- Delay of at least 12 hours before activation of a new soft token on a mobile device
- Notification to existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address
- Additional safeguards, such as a cooling-off period before implementation for requests to key account changes such as in a customer’s key contact details
- Dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis
- More frequent scam education alerts.
Customers are also urged to take part in securing their banking transactions. Scammers have exploited the pandemic, targeting unwitting victims. Thus, customers are enjoined to observe the following steps:
- Never click on links provided in SMSes or emails
- Never divulge internet banking credentials or passwords to anyone
- Verify SMSes or emails received by calling the bank directly on the hotline listed on its official website
- Verify that you are at the bank’s official website before making any transactions, or transact through the bank’s official mobile application
- Closely monitor transaction notifications so that any unauthorized payments are reported as soon as possible to increase the chances of recovery
Banks, the MAS, the Singapore Police Force and the Infocomm Media Development Authority (IMDA) will continue to work together to battle scams. This involves developing more permanent solutions against SMS spoofing as well as adoption of the SMS Sender ID registry by all involved parties.
MAS is also ramping up its investigation of major financial institutions’ fraud surveillance mechanisms to ensure that they are ready to handle online scams.
“As an industry, we have always focused on the need to ensure robust security measures while meeting customers’ expectations for convenient and swift services,” ABS Chairman Wee Ee Cheong said. “Together with the MAS and ecosystem players, the banking industry will continue to strengthen consumer protection measures. We also ask that the public stay vigilant given that scams continue to evolve and are executed quickly. We remain committed to upholding the confidence with which customers can transact online safely, while still maintaining a high level of service.”
