The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) have introduced additional measures to bolster the security of digital banking in response to a recent spate of SMS-phishing scams targeting bank customers.
MAS said that it expects all financial institutions to have in place robust measures to prevent and detect scams, as well as effective incident handling and customer service in the event of a scam. The growing threat of online phishing scams calls for immediate steps to strengthen controls, while longer-term preventive measures are being evaluated for implementation in the coming months, MAS added.
Banks in Singapore, in consultation with MAS, will work to put in place more stringent measures within the next two weeks, including:
- Removal of clickable links in emails or SMSes sent to retail customers
- Threshold for funds transfer transaction notifications to customers to be set by default at S$100 or lower
- Delay of at least 12 hours before activation of a new soft token on a mobile device
- Notification to existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address. Additional safeguards, such as a cooling-off period before implementation for requests to key account changes such as in a customer’s key contact details, will also be implemented
- Dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis
- More frequent scam education alerts.
These more stringent measures will lengthen the time taken for certain online banking transactions but will provide an additional layer of security to protect customers’ funds.
To avoid falling for online banking scams, MAS advises customers to:
- Never click on links provided in SMSes or emails;
- Never divulge internet banking credentials or passwords to anyone;
- Verify SMSes or emails received by calling the bank directly on the hotline listed on its official website;
- Verify that you are at the bank’s official website before making any transactions, or transact through the bank’s official mobile application; and
- Closely monitor transaction notifications so that any unauthorised payments are reported as soon as possible to increase the chances of recovery.
Banks will continue to work closely with MAS, the Singapore Police Force, and the Infocomm Media Development Authority (IMDA) to deal with the scams. This includes working on more permanent solutions to combat SMS spoofing, including adoption of the SMS Sender ID registry by all relevant stakeholders. MAS is also intensifying its scrutiny of major financial institutions’ fraud surveillance mechanisms to ensure they are adequately equipped to deal with the growing threat of online scams.
Wee Ee Cheong, Chairman of The Association of Banks in Singapore said, “As an industry, we have always focused on the need to ensure robust security measures while meeting customers’ expectations for convenient and swift services. Together with the MAS and ecosystem players, the banking industry will continue to strengthen consumer protection measures. We also ask that the public stay vigilant given that scams continue to evolve and are executed quickly. We remain committed to upholding the confidence with which customers can transact online safely, while still maintaining a high level of service.”
Ravi Menon, MD, MAS said, “MAS is deeply concerned about the recent spate of scams and the financial losses suffered by victims. The threat of scams will not go away, but we can reduce our vulnerabilities. This requires a multipronged response across the ecosystem. MAS, together with the Police, IMDA and other relevant government agencies, is working closely with the financial industry, the telco industry, consumer groups, and other stakeholders to strengthen our collective resilience against scam attacks. We will ensure that digital banking remains secure, efficient, and trusted.”
No comments:
Post a Comment