In light of the recent spate of SMS-phishing scams targeting bank customers, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) are set to introduce additional measures to bolster the security of digital banking.
MAS expects all financial institutions to have in place robust measures to prevent and detect scams as well as effective incident handling and customer service in the event of a scam. The growing threat of online phishing scams calls for immediate steps to strengthen controls, while longer-term preventive measures are being evaluated for implementation in the coming months.
Banks in Singapore, in consultation with MAS, will work to put in place more stringent measures within the next two weeks, including:
- The removal of clickable links in emails or text messages sent to retail customers;
- The threshold for funds transfers transaction notifications to customers to be set by default at $100 or lower;
- Delay of at least 12 hours before activation of a new soft token on a mobile device;
- Notifying a customer through an existing mobile number or email address whenever a request to change a customer’s details is put forward;
- Additional safeguards, such as a cooling-off period before implementation of requests for key account changes such as in a customer’s key contact details;
- Dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis;
- More frequent scam education alerts.
These measures being imposed by MAS are aimed at lengthening the time taken to process certain online banking transactions that may be possibly fraudulent but will provide an additional layer of security to protect customers’ funds in return.
At a time when cyberattacks are being more prevalent and more sophisticated, a good level of customer vigilance remains of paramount importance. And as quick as scammers are to target unsuspecting consumers with new techniques, banks must aim to be quicker.
MAS has put forward some advice for customers who wish to avoid falling for online banking scams, including:
- Never click on links provided in SMS or emails;
- Never divulge internet banking credentials or passwords to anyone;
- Verify the origin of all contact received from a bank by calling contacting them directly on its official hotline;
- Verify the bank’s official website before making any transactions, or transact exclusively through the bank’s official mobile application;
- Closely monitor transaction notifications so that any unauthorised payments are reported as soon as possible. This will increase the chances of recovery.
Banks in Singapore are due to continue their close work with MAS, the Singapore Police Force, and the Infocomm Media Development Authority (IMDA) to tackle the rise of more sophisticated scams. This is set to include the development of more permanent solutions to combat SMS spoofing, including the adoption of the SMS Sender ID registry by all relevant stakeholders. MAS is also reportedly intensifying its scrutiny of major financial institutions’ fraud surveillance mechanisms in a bid to ensure that they’re adequately equipped to deal with the growing threat of online scams.
“As an industry, we have always focused on the need to ensure robust security measures while meeting customers’ expectations for convenient and swift services,” comments Wee Ee Cheong, Chairman of ABS. “Together with the MAS and ecosystem players, the banking industry will continue to strengthen consumer protection measures. We also ask that the public stay vigilant given that scams continue to evolve and are executed quickly. We remain committed to upholding the confidence with which customers can transact online safely, while still maintaining a high level of service.”
Ravi Menon, Managing Director of MAS, added to this with: “MAS is deeply concerned about the recent spate of scams and the financial losses suffered by victims. The threat of scams will not go away, but we can reduce our vulnerabilities. This requires a multi-pronged response across the ecosystem. MAS, together with the Police, IMDA and other relevant government agencies, is working closely with the financial industry, the telco industry, consumer groups, and other stakeholders to strengthen our collective resilience against scam attacks. We will ensure that digital banking remains secure, efficient, and trusted.”