
New anti-scam measures are good but standards needed instead of “best effort” from banks

Alfred Siew
Last updated: February 16, 2022 at 9:21 PM
Published: February 16, 2022

A slew of new measures are coming into play to keep out scammers as lawmakers in Singapore this week looked to soothe public concerns over the safety of digital banking services in the country.

For starters, banks here will review the use of SMSes for one-time passwords (OTPs) and shift faster to more secure mobile apps, Monetary Authority of Singapore (MAS) deputy chairman Lawrence Wong told Parliament on Tuesday.

Major retail banks in Singapore will also be told to register their alphanumeric IDs on an SMS protection registry, which will help guard against scam SMSes, according to Josephine Teo, Minister for Communications and Information.

As if on cue, OCBC Bank today also rolled out a “kill switch” that lets customers freeze an account if they suspect they are being scammed.

Many victims of the OCBC phishing scam in December were put on hold when they tried to get through to the bank as money was being transferred out by scammers. So, a kill switch is a good measure, if a reactive one.

Indeed, the changes that are being made now are important, even if they have only come about after S$13.7 million was stolen in the high-profile scam, which caused a number of the 790 victims to lose their life savings.

What’s needed for the long term, however, are not just piecemeal or ad hoc changes. Instead, standards for things like anti-fraud measures and risk management need to be specified for banks, so they share the digital risks with the customers they serve.

Of the many questions raised by Members of Parliament, Foo Mee Har asked a great one – whether the central bank would impose minimum standards on banks’ fraud surveillance systems.

Wong, who is also Finance Minister, replied that the monetary authorities do not prescribe specific controls but set out broad expectations for banks.

If these are not met, then the banks face penalties, he added. Plus, if financial institutions fall short of responsibilities, they will have to bear their share of losses, The Straits Times reported.

One question for such an arrangement is whether these “broad expectations” can be open to interpretation.

While banks can say that their fraud detection capabilities are boosted by artificial intelligence (AI) and other newfangled technologies, there does not seem to be a required measurement of how effective these are.

Does having such a measure in place, even if it’s done on a “best effort” basis, mean that a bank can say it’s done its part and isn’t liable for a customer’s losses from a scam?

To be sure, technologies change all the time and certainly, scam tactics evolve against these defences as well. Casting everything in stone might make you seem outdated pretty fast.

That said, there are detailed technology risk management guidelines that the Monetary Authority of Singapore (MAS) clearly puts out regularly to financial institutions here.

These include advisories to use two-factor authentication (2FA) to challenge a user if a transaction is made, plus the need to disclose any significant downtime due to cybersecurity breaches.

However, as pointed out by experts, these recommendations are just that – recommendations – and they don’t carry legal weight when it comes to determining who’s liable for a victim’s loss.

Should these best practices be made mandatory? After all, these are important guidelines that should be followed, not just taken as passing advice and executed with the minimum of effort.

Compare this to how the Infocomm Media Development Authority regulates telecom operators. It sets out clear quality of service standards that telcos have to meet or face penalties ranging from S$5,000 to S$50,000 for each offence, depending on severity.

Clear standards mean that those in the sector have nowhere to hide if they are not up to scratch. Plus, they also make the regulator’s job clearer and simpler – penalties are not meted out in an ad hoc manner but are consistent with historical precedents.

Wong has said a framework is in the works to spell out clearly the responsibilities for financial institutions and customers, so the share of losses in a scam will be determined by how much each party has fallen short of these responsibilities.

For this to work, however, these responsibilities cannot be general statements about a duty of care – they have to be detailed on how much a bank has to do, for example, to get its anti-fraud systems in place.

Clear examples or cases should be made to explain if a bank should be liable if, say, its SMS OTPs are diverted by hackers or stolen.

Or if its anti-fraud measures do not detect an obviously suspicious transaction that a human operator at a branch would have reasonably identified.

Why be so prescriptive? Well, you don’t want to force a court to interpret and analyse whether a bank has taken the right technological measures if one day such disputes between a consumer and a bank end up in court.

That would certainly not be in the interests of consumers, who typically do not have the money to fight the legal muscle that banks can summon.

How much will you pay lawyers to get back your S$100,000, for example? And do you even have money left after a scam?

This would be a David versus Goliath match, as lawyers would say, and David does not win a slugfest dragged out over years.

Thus, it is important that government regulators spell things out clearly, so there is little doubt how the responsibilities are shared.

They are the experts, after all, who are tuned in to the current risks, and they can continually revise this framework to reflect the changing roles both banks and consumers should play.

For consumers, this framework will also make clear what risks they undertake when they use an online banking service.

They certainly can’t expect a bank to pay them their entire losses every time, as OCBC did this time round for the victims after facing public pressure for weeks.

If the risks far outweigh the convenience, it might be better to carry out fewer online transactions and rely less on the digital services that banks push out. Yes, more friction, but less risk.

Alfred is a writer, speaker and media instructor who has covered the telecom, media and technology scene for more than 20 years. Previously the technology correspondent for The Straits Times, he now edits the Techgoondu.com blog and runs his own technology and media consultancy.