SINGAPORE: Recent weeks have seen Singapore’s banks announce several new anti-scam measures.
From November, DBS, OCBC and UOB will roll out a “money lock” feature that will allow customers to ringfence a certain amount of their savings that cannot be digitally transferred out.
The three local banks as well as US lender Citi have also announced new anti-scam security measures to harden user mobile phone security, including restricting user access to the banks’ apps on their mobile phones if apps from unverified app stores – also known as sideloaded apps – are detected.
Understandably, rumblings have been heard from consumers inconvenienced by such recent measures. In some cases, customers have had to take additional steps to complete their transactions. In others, an enforced wait time slowed down their tasks. In some other cases, they had to uninstall certain apps for their mobile banking apps to work.
The Association of Banks in Singapore (ABS) rightfully observed that the anti-malware security measures may impact customers’ experience in performing banking transactions, but banks will continually calibrate their approach to achieve a right balance between the risk of fraud and inconveniencing legitimate transactions.
Commentary: As scams get more sophisticated, young and digitally savvy individuals are more likely to fall prey
THE INCREASING SCOURGE OF SCAMS
The banks’ new measures come in the wake of a surge in scam cases. Fraudsters siphoned S$660.7 million from their victims last year, up from S$632 million in 2021.
In the first half of this year alone, there have been 22,339 scam cases – a surge of 64.5 per cent from the same period last year – with victims losing S$334.5 million.
Nary a day goes by without news of someone falling victim to a scam.
One wonders how many more people would have been scammed and how much more money lost without the Singapore Police Force’s Anti-Scam Command (ASCom), which was operationalised in March 2022.
With the participation of banks and financial institutions, the Government Technology Agency (GovTech) as well as the collaboration of foreign law enforcement, the ASCom has been able to uncover scams, sometimes even before the victims realised they were victims, thus providing the public with information of the modus operandi of these scams.
GREATER REGULATION REQUIRED TO PROTECT US FROM GREATER HARMS
In his forward for the book Technology Regulation in the Digital Economy by Singapore Academy of Law chief executive Yeong Zee Kin, Justice Lee Seiu Kin wrote that “(T)he digital revolution was made possible by the interconnection of data, accompanied by huge advances in computing power, data storage and bandwidth. But while we can obtain great value from data, it also has the potential to cause great harm. Hence, entire fields of regulation have grown around various aspects of the use, storage and transfer of data.”
So it is as Justice Lee observed, that the technologies around us require greater regulation to be enacted to protect against the greater harms that they have inevitably exposed us to.
The scams being perpetuated in Singapore have increased in sophistication.
One example is the authentication using the short messaging system (SMS) – this was previously seen as being good enough but events in early 2022 have led to the SMS system being tightened and the phasing out of SMS as the sole authentication factor.
The variety of scams has also evolved from business email compromise attacks to authorised push payments via phishing scams, impersonation of government officials, and those involving the sale of local favourites such as durians, mooncakes and seafood.
THE PROBLEM WILL GET WORSE
The bad news is that the attractiveness of easy pickings will only encourage these perpetrators and motivate them to continue innovating as they already have. The emergence of new technologies such as artificial intelligence is already being used by scammers to create deepfakes to convincingly have a video or phone conversation.
Thankfully, the authorities and financial institutions have acted to take steps. In January 2022, banks in Singapore announced new measures to boost digital banking security amid a spate of SMS phishing scams.
The measures include the removal of clickable links in SMSes or emails sent to customers, setting a default threshold of S$100 or lower for funds transfer transaction notifications and having a delay of at least 12 hours to activate a new soft token on a mobile device.
Banks will also send a notification to the existing mobile number or email registered with the bank whenever there is a request to change these details.
Other measures included additional safeguards such as a cooling-off period before implementation of key account changes – for instance contact details – and more frequent scam education alerts.
Dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis are also required.
Banks are also now required to, among other things, ask for additional confirmation to process significant changes to customer accounts and other high-risk transactions identified through fraud surveillance, set the default transaction limit for online funds transfers to S$5,000 or lower and provide an emergency self-service “kill switch” for customers to suspend their accounts quickly if they suspect their bank accounts have been compromised.
The Singapore Police Force has also advised members of the public not to download suspicious Android package kit (APK) files from third party or dubious sites, as this can lead to malware being installed on their devices. Recommendations to install anti-virus software have also been made.
Commentary: Online scams in Southeast Asia create double victims – those targeted and those forced to carry them out
INCONVENIENCE A NECESSARY TRADE-OFF
Harking back on Justice Lee’s words – the very same ease in which we can now do our banking anytime and anywhere is also the weakness preyed upon by scammers to siphon large amounts of assets quickly and stealthily.
The reduction of the ability for scammers to do so will result in more friction being added to such transactions and accordingly impacts the ease by which consumers carry out their legitimate transactions.
It is an imperfect solution, but at the moment, the trade-off is one that consumers must bear to balance safety and convenience.
There is currently no silver bullet to solve this issue and even if one is found, it could very well be short-lived until scammers come up with their next iteration of tactics.
The last piece to the puzzle is still the customer. This is why in the upcoming shared responsibility framework, the role of the customer in this fight against scammers will carry responsibility – the customer will have his part to play, in making decisions and wise choices when it comes to trade-offs.
Bryan Tan is a Technology, Media and Telecom partner at Reed Smith and former president of the Singapore chapter of the Internet Society.