The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) have responded to a recent spike in SMS phishing scams by introducing stricter security measures, they announced this week.
The MAS said it expects all financial institutions to have “robust measures” to prevent and detect scams and deliver effective incident handling and customer service in the event of a scam.
The agency said it is considering longer-term measures over the coming months but is also working with Singaporean banks to enact stronger measures over the next two weeks. They include the removal of clickable links in emails or SMS messages sent to retail customers and lowering of the threshold for funds transfer transaction notifications to customers to $100 or less. Banks must wait at least 12 hours before activating a new soft token on a mobile device and they must send a notification to an existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address.
There will also be cooling off periods before implementing key account changes. Banks must have dedicated customer service teams that deal with fraud on a priority basis and they must post more frequent scan education messages.
“These more stringent measures will lengthen the time taken for certain online banking transactions but will provide an additional layer of security to protect customers’ funds,” the MAS said in a release.
Banking customers also have roles to play, the MAS stressed. They are advised to never click on links in SMS texts or emails and to never share banking credentials and passwords with anyone. Given that some phishing campaigns mimic actual banking websites, customers should verify they are on the actual site before continuing. Another step is to constantly monitor notifications to quickly identify suspect payments.
Related authorities will continue to develop more permanent solutions to SMS spoofing, such as adopting an SMS Sender ID registry by all relevant stakeholders. The MAS is also intensifying its scrutiny of major financial institutions’ fraud surveillance mechanisms to ensure they are adequately equipped to deal with the growing threat of online scams.
“As an industry, we have always focused on the need to ensure robust security measures while meeting customers’ expectations for convenient and swift services,” Wee Ee Cheong, chairman of The Association of Banks in Singapore said. “Together with the MAS and ecosystem players, the banking industry will continue to strengthen consumer protection measures. We also ask that the public stay vigilant given that scams continue to evolve and are executed quickly. We remain committed to upholding the confidence with which customers can transact online safely, while still maintaining a high level of service.”
“MAS is deeply concerned about the recent spate of scams and the financial losses suffered by victims,” managing director Ravi Menon said. “The threat of scams will not go away, but we can reduce our vulnerabilities. This requires a multi-pronged response across the ecosystem. MAS, together with the Police, IMDA and other relevant government agencies, is working closely with the financial industry, the telco industry, consumer groups, and other stakeholders to strengthen our collective resilience against scam attacks. We will ensure that digital banking remains secure, efficient, and trusted.”