MAS, ABS tighten online banking rules

Image courtesy of Rupixen

The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) are implementing additional security measures to enhance customer protection against digital banking scams.

The new protocols, which shall be in full effect on 31 October 2022, are on top of the regulations announced in January.

In consultation with MAS and the Singapore Police Force (SPF), banks are now progressively implementing the following:

  • Require additional customer confirmations to process significant changes to customer accounts and other high-risk transactions identified through fraud surveillance.
  • Set the default transaction limit for online funds transfers to SG$5,000 or lower.
  • Provide an emergency self-service “kill switch” for customers to suspend their accounts quickly if they suspect their bank accounts have been compromised.
  • Facilitate rapid account freezing and fund recovery operations by co-locating bank staff at the SPF Anti-Scam Centre.
  • Enhance fraud surveillance systems to take into account a broader range of scam scenarios.

Meanwhile, the regulator also strongly encouraged customers to utilise mobile banking apps instead of web browsers to reduce the risk of opening malicious websites.

On the part of the banks, they are tasked to continue enhancing the functionality of their mobile apps, and assist their customers towards the transition of using such apps.

An ABS Standing Committee on Fraud will also be formed, comprised of the “seven domestic systemically important banks” — DBS Bank, Oversea-Chinese Banking Corporation, United Overseas Bank, Citibank, Malayan Banking Berhad, Standard Chartered Bank and The Hongkong and Shanghai Banking Corporation.

The Committee will report directly to the ABS Council, and is expected to drive the industry’s anti-scam efforts, among other responsibilities.

MAS and ABS also announced that a draft framework for equitable loss sharing between consumers and financial institutions is being finalised, and will be put up for public consultation soon.

“As an industry, we are constantly reviewing and putting in place sensible and secure measures to safeguard our customers from scams while allowing them to bank with ease. Combating scams, whether digital or otherwise, requires the effort and cooperation of everyone – banks, ecosystem players and also customers. Public awareness and staying vigilant are key. We are committed to working together with all stakeholders to uphold the trust and confidence of digital banking,” said Wee Ee Cheong, ABS Chairman.

“The fight against scams requires vigilance across the ecosystem. This further set of measures will strengthen customers’ ability to protect themselves against digital banking scams. MAS will continue to work with other government agencies and financial institutions to strengthen our financial system’s resilience against scams,” said Ho Hern Shin, Deputy Managing Director (Financial Supervision) at MAS.

Meanwhile, Ajay Biyani, Regional Vice President, ASEAN, ForgeRock, welcomed the announcement of ABS and MAS, as it reinforces Singapore’s commitment to strengthening customer safeguards from digital banking scams.

“The financial services industry is changing on an unprecedented scale due to the rapid increase of digital channels. As fraud and attack vectors continue to evolve, so do anti-fraud technologies. It is essential for organisations to have a pluggable and decomposable architecture to adopt new and innovative technologies to reduce the threat surface area,” said Biyani.

“Digital banks need to place importance on securing customer data, privacy, and safeguarding the integrity of the overall financial services ecosystem. This can be achieved through pre-built integrations with a large network of industry-leading strong authentication, risk and fraud management, behavioural biometrics, and identity-proofing solutions. Till today, unauthorised access remains the leading cause of breaches, so utilising AI (artificial intelligence) and ML (machine learning) helps to close those security gaps with powerful intelligence and orchestration at the identity perimeter,” he added.