When can scam victims expect payout under the proposed shared liability framework?
Scenarios of when scam victims can expect to receive full payouts from banks and telecommunication providers were detailed in a proposed framework published by regulators on Thursday.
The Shared Responsibility Framework, proposed by the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA), placed duties on financial institutions (FIs) and telcos, making them liable to pay if they have fallen short of these duties.
For banks, these include notifying users of outgoing transactions; for telcos, implementing anti-scam SMS filters and ensuring that messages from SMS aggregators that broadcast messages on behalf of companies are authorised.
The report detailed potential scenarios for when users will receive a payout, and when they will likely bear the costs of falling prey to scams.
Potential scenarios
1) Investment scams
A victim is tricked by an investment scam on Facebook and loses money. The scammer instructs the victim to make bank transfers which he does despite receiving real-time SMS transaction notifications.
In such cases, the proposed framework states that the consumer will bear the full loss, as the transactions made to the fraudster were authorised by the consumer.
2) Fake sales online
A victim is scammed by a fake furniture seller from overseas via WhatsApp. The victim enters his account credentials on a fake digital platform, providing the scammer with details to steal his money.
No payout can be expected by the consumer as the scammer is not a Singapore-based entity or a foreign-based brand known to offer services here, according to the framework.
3) Bank disruptions
The bank will pay consumers in full in the event of any scam that occurs during a system failure at the bank that prevents real-time notifications, the 12-hour cooling period for high-risk activities and the availability of a kill-switch from being available to customers.
4) Bank impersonation
A victim is scammed by a fraudster using the SMS sender ID “DBS Bank” through an overseas network operator connected to a local telco. The responsible telco does not block this SMS. The victim is tricked into clicking a link in the SMS that leads to a fake website where he keys in his account credentials for the scammer to make unauthorised transactions.
In this case, the user will receive a full payout by the telco as it failed to block SMSes that are not from participating aggregators.
5) Malware scams
A victim is tricked by a fraudster into downloading a third-party app to a transaction. The app allows the scammer to remotely view the victim’s login credentials and control his phone to make fraudulent transactions.
The loss will be borne by the consumer as his credentials were not entered into a fake digital platform and the seller was not impersonating a legitimate business entity.
6) Transactions dealt with individually
Several fraudulent transactions are made from a victim’s bank account after he falls a phishing scam over SMS. The bank notifies the user of the first few transactions but fails to alert the user to the subsequent transfers as its system was down. The responsible telco also connected to a non-participating aggregator to deliver the SMS.
Each fraudulent transaction will be individually assessed. The telco may be asked to reimburse the victim over messages transmitted from non-approved aggregators, while the bank is responsible for not notifying the user during the system failure. This will take precedence over the telco’s missteps given the bank’s role as the custodian of consumers’ finances.
Consumers who are not satisfied with the results can approach the authorities or the courts to seek further recourse, said the regulators.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now