The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) are introducing more measures to bolster the security of digital banking, in view of the recent spate of SMS phishing scams targeting bank customers.
The measures to be implemented by banks in Singapore within the next two weeks include the removal of clickable links in e-mails or SMSes sent to retail customers, a delay of at least 12 hours before activating a new soft token on a mobile device, and a cooling-off period before implementing requests for key account changes, among others.
In December 2021, some 469 customers of Singapore’s OCBC Bank fell prey to a SMS phishing scam that tricked them into revealing their digital banking credentials on a fake website, with reported losses amounting to at least S$8.5m.
The central bank said the growing threat of online phishing scams calls for immediate steps to strengthen controls, and that the additional measures will lengthen the time taken for certain online banking transactions but will provide an additional layer of security to protect customers’ funds.
Meanwhile, MAS called for digital banking customers to remain vigilant against scams, such as not divulging internet banking credentials to anyone, among other safeguards, while longer-term preventive measures are being evaluated for implementation in the coming months.
To deal with this scourge of scams, banks will work closely with MAS, the Singapore Police Force, and the Infocomm Media Development Authority (IMDA) to combat SMS spoofing, including the adoption of the SMS Sender ID registry by all relevant stakeholders.
The SMS Sender ID registry was initiated by the IMDA in August 2021 in collaboration with MAS to enable organisations to register SMS sender ID headers they wish to protect. When there is unauthorised use of a protected SMS sender ID, the messages will be blocked, IMDA said in a recent Straits Times forum letter.
MAS is also intensifying its scrutiny of major financial institutions’ fraud surveillance mechanisms to ensure they are adequately equipped to deal with the growing threat of online scams. In August 2021, analytics software supplier SAS announced that it had collaborated with OCBC Bank to deploy a fraud surveillance system (FSS) to monitor customer activities and transactions.
The system’s capabilities included assisting in the detection, investigative remediation, and analysis of customer fraud exposures using multiple analytic techniques such as predictive modelling, text mining and network link analysis, among others.