CPF implements S$2,000 daily online withdrawal limit from 30 Nov for member security against scams

SINGAPORE: Effective from 30 November, a default online withdrawal limit of S$2,000 (approximately US$1,490) per day will be enforced for all CPF members aged 55 and above in Singapore.

This measure aims to enhance the protection of Central Provident Fund (CPF) members against potential scams.

As per the CPF Board’s statement released on Monday (20 Nov), CPF members have the flexibility to adjust this daily limit between S$0 and S$200,000 by accessing their accounts online.

However, any increase in the withdrawal limit requires Singpass face verification (SFV) and includes a mandatory 12-hour cooling period to prevent unauthorized modifications, as specified by the CPF Board.

For those who prefer not to conduct online withdrawals, they have the option to activate the CPF Withdrawal Lock, which sets the daily withdrawal limit to $0. In such cases, withdrawals can only be processed in person at CPF service centers.

Re-enabling online withdrawals necessitates members to undergo Singpass facial verification again and endure a 12-hour waiting period for the changes to take effect.

From November 30 onwards, Singpass facial verification and the 12-hour cooling period will also be mandatory when updating contact details with the CPF Board.

Furthermore, by the end of December, any alterations to bank account details will require Singpass facial verification. New bank accounts will be activated only after confirmation by the bank, a process taking up to two working days to ensure ownership by the member.

“Introducing a default daily limit for online CPF withdrawals is part of CPF Board’s ongoing efforts to safeguard CPF savings against fraudulent withdrawals online,” said the statement.

“This is on top of our existing precautionary measures, which include SFV as a step-up authentication challenge for certain CPF e-services. ”

“In addition, CPF members can be assured that their CPF savings can only be paid to bank accounts that are verified as belonging to them.  They will also be notified immediately of any CPF withdrawals.”

In the event that CPF members suspect they have become victims of a scam related to their CPF savings, it is recommended that they contact the CPF Board promptly.

Additionally, they should take immediate action to freeze their bank accounts through their respective banks, reset their Singpass password, and adjust their CPF daily withdrawal limit to $0.

The statement also advises members to file a police report without delay.

“While these precautionary measures may cause some inconvenience for CPF members, we seek their understanding that it is better to be safe than sorry, especially in today’s environment. ”

CPF Board added that it will continually review measures to achieve the right balance between convenience and security.

Two victims lost nearly S$100k in CPF savings after fell victim to malware scams in June

In June of this year, Singaporean authorities disclosed that a minimum of two Android users fell victim to scams, resulting in the loss of at least S$99,800 from their CPF savings due to malware-related incidents.

Details regarding the victims’ ages were not disclosed. Victims reportedly stumbled upon advertisements for groceries, including seafood, on various social media platforms, primarily Facebook.

After reaching out to the businesses through social media or WhatsApp, they were directed to download an Android Package Kit (APK) file to place orders and process payments.

APKs are installation files for Android apps, which can be downloaded from the Internet and third-party app stores, as opposed to the official Google Play Store. These APK files could contain malicious software or “malware”, particularly those designed for phishing.

Unwitting victims, unaware of the hidden malware in the downloaded application, opened their devices to remote access by scammers. This allowed the cybercriminals to pilfer sensitive data such as Singpass passcodes and other stored information on the victims’ devices.

“The scammer might also call the victim to ask for their Singpass passcode, purportedly to create an account on the application,” the police cautioned.

Further exploiting the victims’ trust, scammers directed them to phony bank application login sites to input their banking credentials. Equipped with keylogging capabilities, the malware would record the information and transmit it to the scammers.

These cybercriminals, now possessing stolen Singpass passcodes, accessed victims’ CPF accounts remotely. They withdrew funds through PayNow, which were then deposited into the victims’ bank accounts. Subsequently, the scammers utilized the victims’ banking applications to transfer the CPF funds away via PayNow.

Victims only detected the scam when they noticed unauthorized transactions in their bank accounts.

The police warned the public about the risks of downloading apps from third-party or dubious websites, stating that these sources can often lead to malware being installed on their devices.

CPF members are eligible to withdraw a portion of their savings upon reaching 55 years old.

Moreover, they receive monthly payouts through the CPF Life scheme upon reaching the currently eligible age of 65.