（Singapore Sep 21, 2023）Asking banks to provide full restitution for losses from individual scam cases without due consideration of culpability is neither fair nor desirable, but depending on the facts of each case, banks may offer goodwill payments to customers, Alvin Tan, Minister of State, Ministry of Trade and Industry and Ministry of Culture, Community and Youth, and Board member of MAS, has said in the parliament.
“Some view that banks can easily absorb losses arising from individual scam cases… Doing so can erode vigilance and personal responsibility, and lull users into complacency,” he said, noting that MAS requires banks to secure digital systems, including by implementing multi-factor authentication to verify a customer’s identity and to authorize online transactions.
He made the remarks after, during the past year, Dr Tan Wu Meng and Ms Yeo Wan Ling raised questions on the avenues of recourse for customers who suffer losses from scams. Besides, Mr Saktiandi Supaat and Dr Lim Wee Kiak also asked about the status of the Shared Responsibility Framework.
Tan said Singapore adopts a three-pronged strategy to fight scams, including the upstream measures, downstream measures, and public education.
“Our collective efforts are showing some encouraging signs,” he said.
From January to June this year, the total amount that victims reported to have been cheated – S$334.5 million (US$245.7 million) – dropped by 2.2 percent from S$342.1 million in the same period in 2022, according to data released by the police last week.
“Nevertheless, the scam situation remains serious. With more of us transacting digitally, bad actors are adopting increasingly sophisticated methods to target victims,” he said, noting that the whole society must constantly sharpen its approach to fight scams in this rapidly evolving landscape.
Among scam types prevalent today, digitally-enabled scams involving phishing and malware are of gravest concern. This is where victims either gave away or had their banking credentials stolen, leading to unauthorised transactions, he said.
“In recent months, we’ve seen a growing number of malware-enabled scam cases, with some victims suffering considerable losses. Left unaddressed, such scam threats and ensuing losses can undermine public confidence in payments and digital banking.”
He said the Cyber Security Agency of Singapore (CSA) and the Singapore Police Force (SPF) are working with key tech players to limit mainstream access to identified malware variants and tools, such as those used in scams seen here in Singapore.
Agencies are also working with industry and international partners to raise the security standards of mobile operating systems and mobile devices.
SPF has taken timely enforcement action, and works with banks to trace and recover funds. SPF also collaborates with overseas law enforcement agencies to take down cross-border scam syndicates.
MAS has also been working closely with our banks to strengthen anti-malware controls, fraud surveillance, and detection capabilities. Major retail banks have hence enhanced their security measures to protect customers against malware scams, and will progressively introduce refinements or new measures to keep pace with changes in the threat landscape. Members might know that the ABS announced this a few hours ago.
A recent example is OCBC’s move to block mobile banking access on devices that are detected to carry potentially malicious apps. Other banks are implementing similar measures.
Banks are also exploring MoneyLock, to allow customers to set aside an amount in their bank accounts which cannot be digitally transferred out without strict authentication measures. This will further help to limit losses against scams, he said.
The Government is also targeting outreach and messages to vulnerable groups, including seniors, students, and migrant workers.
“MAS requires banks to secure digital systems, including by implementing multi-factor authentication to verify a customer’s identity and to authorize online transactions; and also sending notification alerts to customers so they can report unauthorized transactions as soon as possible,” he said.
“However, we should also note that scammers can still bypass these digital security measures, by deceiving customers into inadvertently divulging their account access credentials or downloading malware, thereby granting scammers total access, or remote access rather, to victims’ devices and their accounts.”
He said individual customers thus also have an important responsibility to protect access to their accounts, and this includes practising good cyber hygiene and being diligent in preventing their login information and OTPs from being divulged to third parties.
MAS has issued guidance for banks to institute clear customer handling and investigation processes and to treat customers fairly in all disputes. MAS also monitors how banks handle such disputes. In scam cases, banks must consider if they have fulfilled their obligations, and whether the victim has acted responsibly. Customers who practiced good cyber hygiene and were diligent in preventing their login information and OTPs from being divulged to third parties, should not have to bear losses, he said.
Depending on the facts of each case, banks may offer goodwill payments to customers. If a customer is unsatisfied with an offer, he may decline and approach the Financial Industry Dispute Resolution Center (FIDReC) for mediation and adjudication. A customer can further pursue his case in court if he is not satisfied with the outcome.
If the customer accepts a goodwill payment offer, he or she will be bound by the terms of the offer. Should new information come to light that is materially different from the premise upon which the customer had accepted the goodwill offer, the customer can request the bank to relook the case or to approach FIDReC for assistance.
“Scams are an ever-present and evolving threat. The Government will spare no effort to implement effective upstream and downstream anti-scam measures alongside industry,” he said.
In a press release on Monday, the Association of Banks in Singapore said major retail banks here have enhanced their security measures to protect customers from malware scams.
It said the association will “progressively introduce refinements or new measures to keep pace with changes in the threat landscape”.