Tuesday, May 28, 2024

Safeguards by banks, telcos under shared liability framework to 'materially reduce' phishing scam risks: MAS

SINGAPORE: The full implementation of the anti-scam obligations assigned to financial institutions and telecommunication companies (telcos) under a newly proposed shared responsibility framework should “materially reduce” the risk of phishing scams, said Minister of State for Trade and Industry Alvin Tan on Tuesday (Nov 7).

Last month, the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) put out a long-awaited consultation paper, which proposed that financial institutions and telcos that were negligent bear the responsibility of phishing scam losses ahead of victims.

The paper sets out a list of “discrete and well-defined duties” for these companies, making them liable to pay if they have fallen short of their responsibilities. Examples of such shortfalls include banks failing to send outgoing transaction alerts to consumers and telcos failing to implement a scam filter for SMSes.

Authorities have said that the framework aims to strengthen the “direct accountability” of financial institutions and telcos to their consumers.

“Besides assigning accountability for scam losses, the important point is that full implementation by the financial institutions and telcos of their respective safeguards should materially reduce the risk of phishing scams in this first instance,” said Mr Tan, who is an MAS board member.

The MAS estimates that about 15,000 phishing scam cases occurred between 2021 and mid-2023, with an average loss of about S$3,900 (US$2,880).

The number of such scams continued to increase in the first half of 2023 versus a year ago, but made up a smaller proportion of the total scam cases – down from 17 per cent to 13 per cent.

The average loss for each phishing scam also declined by 20 per cent over the same period.

Under the suggested framework, responsibility for scam losses is assessed based on a “waterfall approach”, with banks being first in line to bear the full liability. This is followed by the telcos, based on the importance of their roles in preventing scams.

If both the bank and telco have carried out their duties, consumers will have to bear the full loss.

As a start, the suggested framework focuses on phishing scams that happen digitally. This means that other scams, such as investment or love scams where victims authorise payments to scammers, and malware fraud are excluded.

Mr Tan noted the need to draw the line between authorised and unauthorised transactions. Including the former under the proposed framework would mean extending it to “all manner of deceptions where victims are tricked into willingly handing over their money”, he told Parliament.

Hence, the best approach to tackle scams involving authorised transactions is for customers to “exercise utmost vigilance and taking personal responsibility”, Mr Tan said, noting that authorities are stepping up public education efforts including constant public advisories.

“We also want to guard against the moral hazard risk in terms of consumers letting their guard down and potentially also working in cahoots with scammers to default the banks,” he added.

Singapore is the first to consider an “ecosystem approach” by including telcos in its reimbursement framework for scams. Describing this as “a good start”, Mr Tan noted that the framework is “a live document” that will be reviewed to better respond to changing scam typologies.

“It’s a good start, and it’s a start that we will constantly review (and) constantly refresh.”

At the moment, authorities are in touch with other players in the ecosystem, such as key technology firms. Google, for one, has been working with IMDA, MAS and financial institutions to strengthen its Play Protect malware protection system to better detect malicious apps.

Likewise, authorities are watching out for malware scams which have been on the rise in recent months.

Acknowledging concerns about how this new scam variant is currently excluded from the framework, Mr Tan said that the prescribed duties of banks and telcos are currently targeted at addressing phishing scams and are not suited to address “the evolving and developing nature” of malware scams.

“But I want to assure … members of this House that we will review these new scam variants, such as malware, as part of subsequent updates of (the shared responsibility framework).” 

Beyond the proposed framework, banks also have in place discretionary goodwill frameworks to assist consumers who fall prey to scams. 

“MAS is leaning on the banks to be even more accommodative in applying these goodwill payment frameworks, taking into account the sophistication of scam typology as well as consumers’ financial situation among others,” said Mr Tan.



Members of Parliament Sylvia Lim (WP-Aljunied) and Tan Wu Meng (PAP-Jurong) also asked about the process of requesting physical security tokens from banks.

Currently, retail banks offer physical tokens upon request but both MPs, citing feedback from their residents and their own experiences, noted that customers often face difficulties in doing so.

Describing her own experience at a local bank as “not easy”, Ms Lim said: “I was first told that it is not going to be issued … I had to insist and special approval was then obtained from the branch manager to issue the token to me.”

“I was also warned that they might be phased out in due course and they cannot assure me that this service will be available,” she added, without naming the bank.

Echoing a similar experience, Mr Tan Wu Meng said he was told by a bank that physical tokens “have been phased out and it wasn’t an option”.

“So, it seems quite clear that there are a number of banks across Singapore who are making it very hard for customers to get a physical token,” he said.

Thanking both MPs for their feedback, Mr Tan said the MAS will work with the banks to ensure “less friction” in these requests for physical tokens, especially for customers who are “not as adept or … don’t yet have that confidence with digital tokens”.

