Singapore
MAS-IMDA Proposal: Consumers, banks and telecoms to share responsibility in combating digital fraud
MAS and IMDA outline a collaborative approach in a new proposal, emphasizing mutual responsibility between consumers and companies in Singapore to counteract digital fraud.
SINGAPORE: Amidst a concerning wave of digital fraud, a comprehensive consultation paper released by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) has laid out a meticulous framework that proposes how losses from phishing scams and similar frauds should be apportioned between consumers, banks, and telecommunication companies (telcos).
This initiative marks a significant stride toward fortifying consumer rights while ensuring that institutions uphold stringent security measures.
At the heart of the paper is a “waterfall” approach, which serves as a blueprint for assessing liability in the aftermath of unauthorized transactions. The approach positions financial institutions at the vanguard, necessitating them to implement robust anti-scam measures.
These measures include enforcing a 12-hour cooling-off period for new payees, sending real-time alerts for transactions, and maintaining round-the-clock channels for reporting suspicious activities.
In case of non-compliance or lapses, banks would be obligated to reimburse consumers fully for any losses incurred. This mandate reinforces the institutions’ accountability in their role as custodians of customer funds, a move expected to bolster public confidence in digital banking services.
Simultaneously, the framework delineates specific responsibilities for telcos, necessitating them to enhance security measures.
These include ensuring the authenticity of connections for Sender ID SMS and deploying sophisticated content filters to intercept and block scam-related communication.
Telcos would bear liability for losses if it’s determined that scams succeeded due to shortcomings in these security protocols, despite due diligence on the part of financial institutions.
However, the paper starkly highlights the responsibility of consumers in safeguarding their cyber hygiene. It points out that the onus is on individuals to prevent exposure to scams by maintaining digital diligence.
Under the new framework, consumers would bear the losses if it’s established that they failed to exercise reasonable care, even if banks and telcos have met their respective obligations.
The proposed strategy also entails a systematic four-stage process for managing claims, ranging from the initial submission to investigation, outcome communication, and, if necessary, further avenues for dispute resolution.
This structured approach is anticipated to enhance transparency and efficiency in how scam-related claims are handled, thereby reinforcing consumer trust in digital transactions.
Ms Ho Hern Shin, Deputy Managing Director (Financial Supervision), MAS, said “MAS, the financial industry and other government agencies have been collaborating closely to combat scams. The SRF assigns shared responsibility by specifying upstream anti-scam duties FIs and Telcos have to adhere.”
“Breaches of the duties will result in payouts to affected scam victims. This incentivises vigilance by all parties in the ecosystem to uphold safety in e-payments. Alongside the proposed SRF, we are also proposing amendments to the E-payments User Protection Guidelines (EUPG), to uplift the standards of anti-scam measures across the financial system, and reinforce consumer’s responsibility to take precautions against scams.”
Ms Aileen Chia, Deputy Chief Executive (Connectivity, Development & Regulation), IMDA said “IMDA has worked closely with the Telcos to implement a multi-layered approach to prevent scams from being conducted over calls and SMS.”
“Measures such as the mandatory SMS Sender ID Registry introduced in January 2023 have significantly reduced the number of scam SMS cases by 70% in the 3 months since the Registry’s launch. The inclusion of Telcos in the Shared Responsibility Framework as supporting infrastructure providers serves to strengthen the ecosystem against scams,” added Ms Chia.
Public and industry stakeholders have until 20 December 2023 to provide their feedback on the consultation paper.
What scams are covered in the proposal
The proposed guidelines will initially concentrate on phishing scams that have a distinct connection to Singapore, according to the consultation document.
These types of scams are characterized by situations where victims are lured into interacting with a phishing link, subsequently providing their personal information on a deceptive online portal.
The scams either impersonate entities operating within Singapore or foreign entities servicing Singapore residents.
A common scenario involves scammers masquerading as reputable organizations, such as SingPost or a government agency such as Ministry of Manpower, dispatching counterfeit text messages or emails containing a link to an imitation website.
By asserting issues related to the recipient’s account, they aim to dupe individuals into submitting their account information on the sham site.
However, the framework will not encompass cases where victims knowingly authorize payments, as seen in investment or romance scams, or situations where individuals are conned into directly sharing their details with scammers through messages or analog methods.
Additionally, the authorities will not immediately address malware scams, which have recently witnessed a surge, within this framework.
The reason, as articulated by MAS and IMDA, hinges on the novelty of malware scams and the ongoing deployment of countermeasures, making it untimely to delineate explicit duties for various parties involved.
In response to the evolving threat of malware scams, key retail banks in the region have initiated significant anti-malware defenses and are in the process of implementing a “funds freeze” functionality for enhanced customer protection.
Proposal for banks to reimburse victims in malware scams shot down in Parliament
Sylvia Lim, chairman of the Workers’ Party, previously thrust the issue of compensation in Parliament, proposing banks to fully reimburse scam victims for losses from malware scams beyond their control.
Speaking in an adjournment motion on 18 September, Ms Lim, citing the vulnerabilities inherent in the current digital banking landscape, had declared, “Given the delay in the publication of this framework, many scam victims have been left without recourse under the Loss Sharing Framework by no fault of their own.”
She further championed the need for stronger consumer protection protocols, referencing models in jurisdictions like the UK where banks play a more proactive role in scam prevention and victim reimbursement.
However, her proposal met resistance from Minister of State for Trade and Industry, Mr Alvin Tan. He contended that an unequivocal restitution policy could inadvertently undermine personal accountability.
In a definitive rebuttal, Mr. Tan stated, “Full restitution without due consideration of culpability is neither fair nor desirable. Doing so can erode vigilance and personal responsibility, and lull users into complacency.”
Mr Tan underscored the government’s comprehensive strategy against digital fraud, referring to the strengthening of system security via multi-factor authentication and the launch of public education campaigns and anti-scam applications like Scamshield.
He further emphasized the importance of consumer responsibility in ensuring transaction security: “Even with enhanced security, scammers can still bypass the digital security measures. This is why every consumer has to play an important role by practising good cyber hygiene and being digitally diligent.”
Banks charge administrative fees and annual this and that and transfer fees. So how does protecting our $$ fall under our belt. What if people took everything out and kept minimal sums in there? You call yourself an IT hub a Banking hub and you cannot even protect your clients but choose to side step this alarming trend?
Can we revert back to our systems? 1) No need money to open a bank Account 2) No need to carry cheque book 3) No need ATM machine 4) No minimum deposits needed to keep your bank account alive. 5) No penalty for insufficient amount in the bank account 6) No need to download apps for depositing or withdrawing money 7) No need software, no scams can attack. 8) Can withdraw any amount, 24 /7 days 9) No need to queue to withdraw money or deposit money 10) No need to bank in cheques or deposit cheques 11) No need… Read more »
Milo tins are still safer to put your money. tsk tsk tsk
MAS + DBS heads must roll for not meeting customers expectations. What do you think?
Our highly paid top talents and regulators who can’t even discern these scams and stop same trying to apportion blame to the consumers. So why should they be paid top salary? In the case of dispute resolution between the parties, who have more financial and legal resources to go through same since the poor victim (consumer) had already been scammed most if not all of their money. Just like in the case of a CASE Trust accredited company, what is the responsibility of CASE if it failed the consumers? Or will it be the case of we just do audit… Read more »
It’s thoroughly ridiculous when bank customers has to pay for stupid idiotic bank protective measures of their money.
When Khaw Boon Wan implied WP corruption by saying, LINKING, friends giving money to friends – then isn’t it worst the banks gave away MONEY NOT THEIRS TO strangers and unknowns?
Banks making 10$ millions$ of dollar$ in DAYS DON’T hv the most secured systems in PLACE IS UTTER BS.
They left out the social media giants who make tons of money from selling advertisements, some of which are click bait for malware related to scams. Banks need to improve their KYC (Know Your Customers) systems to stop fraudulent transactions. Telcos need to be regulated to wake up their idea thinking that their only responsibility is to make profits. They need to screen calls to filter out spam/scam calls.