MAS and ABS announce measures to bolster digital banking security
27 January 2022
On 19 January 2022, the Monetary Authority of Singapore (“MAS”) and the Association of Banks in Singapore (“ABS”) announced the introduction of a set of additional measures to bolster the security of digital banking, following the recent spate of SMS-phishing scams targeting bank customers.
All financial institutions are expected to have in place robust measures to prevent and detect scams, as well as effective incident handling and customer service in the event of a scam. Immediate steps to strengthen controls are needed to address the growing threat of online phishing. Banks in Singapore, in consultation with MAS, will work to implement more stringent measures within two weeks, including:
- removing clickable links in emails or SMSes sent to retail customers;
- setting a default threshold of S$100 or lower for funds transfer transaction notifications to customers;
- a delay of at least 12 hours before the activation of a new soft token on a mobile device;
- a notification to the existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address;
- additional safeguards, such as a cooling-off period before the implementation of requests for key account changes such as in a customer’s key contact details;
- dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis; and
- more frequent scam education alerts.
Although these measures will lengthen the time taken to complete some online banking transactions, they will provide an additional layer of security to protect customers’ funds.
MAS also announced that longer-term preventive measures are being evaluated for implementation in the coming months.
Banks will continue to work closely with MAS, the Singapore Police Force, and the Info-communications Media Development Authority to deal with the situation, including working on more permanent solutions to combat SMS spoofing, such as the adoption of the SMS Sender ID registry by all relevant stakeholders. MAS is also intensifying its scrutiny of major financial institutions’ fraud surveillance mechanisms to ensure they are adequately equipped to deal with the growing threat of online scams.
Reference materials
The press release is available on the MAS website www.mas.gov.sg.