SINGAPORE: Banks must block or hold for 24 hours suspicious transactions involving more than S$25,000. This move must be part of banks’ real-time fraud surveillance to substantially reduce cases of customers having large sums of money rapidly drained from their accounts without their knowledge, the Monetary Authority of Singapore (MAS) announced on Oct 24. An account is considered to be rapidly drained if more than half of a balance of at least S$50,000 is transferred out cumulatively over a day.
It is among newly announced measures to counter phishing scams that could undermine confidence in Singapore’s digital banking and payment systems. This was spelt out under the finalised Shared Responsibility Framework (SRF) for phishing scams, unveiled on Oct 24. The SRF complements existing moves that have been made to counter scams.
For instance, major retail banks have been restricting access to their apps if customers have downloaded apps from untrustworthy installers or apps with risky permission settings, to counter malware-related scams. Banks have six months from Dec 16, the date the SRF kicks in, to implement the new measure. The finalised SRF governs how financial institutions and telcos may have to share in paying out to victims their losses in certain phishing scams if these organisations fail to perform their duties.
It aims to save consumers hassle when they are seeking reimbursement. Currently, the onus is on them to provide proof that their losses were not due to their own negligence. Overall, banks have to fulfil five key duties, and telcos three key ones, under the SRF.
If these organisations do what is necessary under the framework, consumers will bear the full losses. “With the addition of a new fraud surveillance duty, some retail customers may experience more inconvenience when conducting larger-value transactions,” said MAS financial supervision managing director Ho Hern Shin. “This additional friction is necessary to protect customers against large unauthorised transactions.
” The finalised SRF comes after two months of industry consultation at the end of 2023 and almost a year of deliberation by MAS and the Infocomm Media Development Authority. It is not meant to be a catch-all fraud reimbursement framework. For instance, it does not offer coverage in the case of payments arising from investment or love scams, or fraudulent transactions due to hacking, identity theft or the downloading of malware.
The scope of the SRF is confined to phishing scams conducted on a digital platform, such as a fake website accessed through a link, where victims are tricked into entering their account details. Organisations that get impersonated must either be based in Singapore or have already offered services to Singapore residents. This, for instance, includes cases where a fraudster pretends to be from a legitimate entity such as Singapore Post or DHL and sends e-mails or SMSes claiming account-related issues, to trick victims into clicking on a link to a fake website to enter their account details.
Singapore is possibly the first jurisdiction to include telcos in a fraud reimbursement framework. — The Straits Times/ANN.
Business
Financial institutions, telcos to be accountable to scam victims
SINGAPORE: Banks must block or hold for 24 hours suspicious transactions involving more than S$25,000. Read full story