Banks to have more anti-scam measures by Oct 31, including 'kill switch' to freeze accounts

An emergency self-service "kill switch" that lets customers freeze their bank accounts if they suspect that their accounts have been compromised is among a slew of new measures that will be introduced to stop digital banking scams.

They will be implemented by Oct 31, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) said on Thursday (June 2).

The measures complement those announced on Jan 19, which include the removal of clickable links in e-mails or SMSes sent to retail customers and having a delay of at least 12 hours before activation of a new soft token on a mobile device.

Among the added measures is having the default transaction limit for online funds transfers to be set to $5,000 or lower a day.

Additional customer confirmations will be required to process significant changes to customer accounts and other high-risk transactions identified through fraud surveillance.

Fraud surveillance will be bolstered as well to take into account a broader range of scam scenarios.

Banks will facilitate rapid account freezing and fund recovery operations by co-locating bank staff at the Singapore Police Force (SPF) Anti-Scam Centre.

To minimise the risk of clicking on fraudulent websites, bank customers are strongly encouraged to use mobile banking apps, as opposed to Web browsers, said MAS and ABS in a joint statement.

"Banks will continue to enhance the functionality of their banking apps, and assist customers to make the transition towards greater use of these apps," they added.

To ensure sustained investment in the industry's anti-scam initiatives, an ABS standing committee on fraud, comprising the seven major local banks, including DBS Bank, UOB, OCBC and Standard Chartered, will advance the work of the Anti-Scam Taskforce established in 2020.

The committee will report directly to the ABS Council and will drive the industry's anti-scam efforts, implement robust measures to safeguard customers, and reinforce public confidence in the security of digital banking, said MAS and ABS.

The ongoing anti-scam work of the industry will be formalised into five key areas covering customer education, authentication, fraud surveillance, customer handling, and recovery and equitable loss-sharing.

Customers can protect themselves against scams and stay updated on online banking hygiene practices by keeping up with scam advisories and alerts put out by the police, the National Crime Prevention Council, MAS and banks.

They should refer to official sources, such as the MAS Financial Institution Directory and cards issued by banks for hotline numbers and website addresses to communicate with banks.

Customers should not reveal their Internet banking credentials or passwords to anyone.

The fight against scams requires vigilance across the ecosystem, said Ms Ho Hern Shin, MAS deputy managing director of financial supervision.

"This further set of measures will strengthen customers' ability to protect themselves against digital banking scams. MAS will continue to work with other government agencies and financial institutions to strengthen our financial system's resilience against scams," she added.

A total of 790 people fell prey to phishing scams targeting OCBC customers in December and January, with losses tallied at $13.7 million.

The bank arranged for “full goodwill payouts” for all victims of the SMS phishing scam that impersonated the bank.

OCBC then rolled out the “kill switch” feature in February, which applies to all current and savings accounts, including joint accounts, ATM access, debit and credit cards, and digital banking, including OCBC Pay Anyone app access.

DBS  and UOB had said in February that customers can freeze their credit cards through the banks’ digital banking apps.

The feature will be extended to bank accounts as well when all banks  progressively roll out the “kill switch” service. Customers can activate the feature by calling the bank.

Mr Leong Ji Keet, 26, a university teaching assistant who is a DBS bank customer, said that although the “kill switch” increases bank account holders’ control  over their money in the case of fraudulent activity, its success would rely on customers knowing that it exists and how to use it.

“I think this feature would have to be publicised widely for it to be effective,” he said.

Streamlining the process of activating and executing the “kill switch”  will be crucial so that false alarms will be minimised and bank resources are not wasted, said Mr Leow Kim Hock, Asia chief executive of cyber-security services provider Wizlynx Group.