October 26, 2023
SINGAPORE – The suggested framework for financial institutions (FIs) and telecommunication providers to share responsibility when scams occur makes it clear who is liable to bear the cost of fraud, said experts.
Still, more can be done to protect users from vulnerable groups and to address malware scams, which allow fraudsters to take control of a user’s device and empty the victim’s bank accounts, and scams from overseas, some said.
These comments were in response to a proposal to strengthen the direct accountability of FIs and telcos to consumers, which was published on Wednesday by the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA).
Cyber-security expert Raju Chellam suggested, for instance, that the mandatory 12-hour cooling-off period for high-risk banking activities be extended to any transaction made by seniors and mentally challenged users to overseas bank accounts, as they are especially vulnerable to scams.
Mr Chellam is the honorary chair of cloud and data standards at the IT Standards Committee and editor-in-chief of the Singapore Computer Society’s Artificial Intelligence (AI) Ethics And Governance Body Of Knowledge.
He also suggested that banks create special accounts with higher levels of security for these vulnerable groups to protect them and add obstacles for overseas attackers, adding that banking systems can use AI and analytic tools to flag overseas transactions from accounts with no prior history of such transactions.
“The 12-hour cooling period is the key here. Banks should hold such transactions so that the people involved can be contacted to make sure the transfer is legitimate,” said Mr Chellam.
The proposed framework comes at a time when scams are a plague on the nation, with 22,339 reported scam cases in the first half of 2023. Phishing scams, which are the focus of the proposed framework, made up nearly 3,000 of these cases, according to police statistics.
The proposal follows other nations that hold FIs responsible for reimbursing fraud victims. In Britain, banks may soon have to reimburse within 48 hours customers who have been tricked into sending money in a type of online scam typically impersonating banks.
The framework is a step forward in protecting consumers and should speed up the reimbursement process for victims, said Mr Melvin Yong, president of the Consumers Association of Singapore.
“The proposed framework is balanced, reasonable and sound in apportioning responsibilities and liabilities among banks, financial institutions, telecommunication service and infrastructure providers, and individuals,” he said.
However, Mr Yong and Ms Sylvia Lim, chairwoman of the Workers’ Party (WP), told The Straits Times that the framework can be expanded to include the rising threat of malware scams.
Ms Lim, who argued in Parliament in September for banks to hand payouts to scam victims, said: “We note that the paper only covers losses from certain types of phishing scams, while there is no policy indication yet on other prevalent types of scams, such as malware fraud.”
According to the consultation paper, victims of a malware scam are likely to bear the loss in full. In typical malware cases, the consumer’s credentials are not entered into a fake digital platform and the fraudster is not impersonating a legitimate business entity.
The regulators wrote: “It is premature to set out specific malware scam-related duties for different stakeholders at this stage as these measures are still developing and will evolve significantly given the nature of malware scams.”
As for the banks, the proposal is welcomed as it sets a baseline for shared responsibility across digital platforms to prevent scams, said Mrs Ong-Ang Ai Boon, director of the Association of Banks in Singapore (ABS).
To strengthen the fight against scams and fraud, Mrs Ong-Ang believes that it is necessary to have collective action from other members of the digital ecosystem, such as tech companies and e-commerce platforms.
Banks will continue to introduce new anti-scam measures to keep pace with scam tactics, she said, adding that such changes might cause some inconvenience to customers but are necessary to protect them against scams.
In the first nine months of 2023, 362 scam cases involving the impersonation of banks have been reported, she added. A total of 572 cases were recorded over the whole of 2022.
Telcos M1, Singtel and StarHub said in separate statements that they will work with the authorities to review the consultation paper and give feedback.
Professor Lawrence Loh, director of the Centre for Governance and Sustainability at the National University of Singapore Business School, said the inclusion of telcos as a responsible party sets a precedent in combating scams.
He said: “Telcos facilitate the communication between scammers and consumers in many cases and they have a level of care.”
Prof Loh added that such policies need to move faster to catch up with the prevalence and sophistication of scams here.
He said: “There needs to be greater awareness of how scams work, and we need to move forward more rapidly.”
Lawyer and director at Setia Law Yam Wern-Jhien said the proposed framework will encourage banks and telcos to implement the necessary safeguards, which will help preserve trust in banking and telcos here.
He added that customers, too, will be more vigilant knowing that goodwill payments as a “safety net” are less likely.
“Having worked with many scam and fraud victims over the past years, the proposed measures are very much welcomed,” he said. “(Many clients) have lost entire life savings with virtually no means to seek redress or compensation given the high expense and complexity of pursuing cross-border recovery actions.”