Media
Year 2022
January 2022

New measures announced to boost digital banking security amid spate of SMS phishing scams

January 19, 2022
By Gabrielle Andres

A scam victim using a mobile phone is seen in this illustration photo. (File photo: iStock)

SINGAPORE: Additional measures will be put in place within the next two weeks to bolster security of digital banking services, following a recent spate of SMS phishing scams targeting bank customers.

“The growing threat of online phishing scams calls for immediate steps to strengthen controls, while longer-term preventive measures are being evaluated for implementation in the coming months,” the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) said on Wednesday (Jan 19).

“MAS expects all financial institutions to have in place robust measures to prevent and detect scams as well as effective incident handling and customer service in the event of a scam.”

The measures include the removal of clickable links in SMSes or emails sent to customers, setting a default threshold of S$100 or lower for funds transfer transaction notifications and having a delay of at least 12 hours before the activation of a new soft token on a mobile device.

Banks will also send a notification to the existing mobile number or email registered with the bank whenever there is a request to change these details.

Additional safeguards such as a cooling-off period before implementation of key account changes – such as key contact details – and more frequent scam education alerts will also be put in place.

“These more stringent measures will lengthen the time taken for certain online banking transactions but will provide an additional layer of security to protect customers’ funds,” said MAS and ABS.

However, they also cautioned that customer vigilance “remains of paramount importance” as scammers are quick to adapt in targeting unsuspecting customers.

“Banks will continue to work closely with MAS, the Singapore Police Force, and the Infocomm Media Development Authority (IMDA) to deal with this scourge of scams,” MAS and ABS said.

This includes working on more permanent solutions to combat SMS spoofing, including the adoption of the SMS sender ID registry by all relevant stakeholders.

“MAS is also intensifying its scrutiny of major financial institutions’ fraud surveillance mechanisms to ensure they are adequately equipped to deal with the growing threat of online scams,” they added.

MAS managing director Ravi Menon noted that the threat of scams will not go away but “we can reduce our vulnerabilities”.

“This requires a multi-pronged response across the ecosystem,” he said.

He added that MAS, together with the police, IMDA and other relevant Government agencies, is working with stakeholders to “strengthen our collective resilience against scam attacks”.

“We will ensure that digital banking remains secure, efficient, and trusted,” he said.

The announcement comes after hundreds of OCBC Bank customers fell prey to online phishing scams last month, losing a total of at least S$8.5 million.

The scam involved unsolicited SMSes claiming there were issues with the user’s bank accounts, asking them to click on a link to resolve the problem.

Upon clicking, the user would be redirected to a fake bank website and asked to key in their iBanking account login details. They would find out they had been scammed when they received notifications informing them of unauthorised transactions charged to their bank accounts.

OCBC Bank said on Monday that it has begun making “goodwill payouts” to affected customers.

It added that it has since set up a dedicated support team for the victims and has reached out to those affected to address their concerns.

On Wednesday, DBS Bank also issued a warning to customers that scammers are “actively targeting” them via suspicious login alert messages.

Source: CNA/ga(zl)
Organised By
Held In
Supported By
Supporting Agencies
Official Airline
Official Newswire
Supporting Organisations

Milipol Asia-Pacific

Join our
mailing list

  • This field is for validation purposes and should be left unchanged.