THE STAR – Concerns are mounting following the recent phishing scams involving Singapore’s second largest bank Oversea-Chinese Banking Corp (OCBC), with industry observers noting that such cases are set to go up here as well.
To be sure, with the increasing use of digital banking, such predictions and fears are justified.
Cyber security firm Systech Bhd Chief Executive Officer Raymond Tan said that such scams are not country-limited.
“It can happen everywhere, not only in Singapore, all of us may have received or will at some point, receive similar messages trying to scam us of our money, whether it’s via SMS, email or WhatsApp,” he said.
Tan, whose company tracks suspicious activity online and counts banks as some of its main clients said scams involving banks and other organisations here, will continue to rise but digital banking technology adoption should not be blamed.
“New technology and businesses always come with new risks but that doesn’t mean we shouldn’t embrace new technology.
“The Risk Management in Technology guidelines from Bank Negara do address such new technology risks,” he told StarBizWeek.
Tan noted that SMS scams or other similar frauds like Macau scams exploit the weakest link in technology, which is the human element.
“We live in a borderless world and the lack of consumer understanding on private data protection will lead to increasing number of scam cases.”
Some industry observers argue that banks could do more.
Securemetric Bhd chief technology officer Sea Chong Seak said banks can take on the current challenges by strengthening their cyber security processes, and other relevant compliance programmemes such as their electronic know-your-customer or eKYC as well as multi-factor authentication, data encryption and transaction signing systems.
“There is no doubt that digital banking can increase certain risks.
“The risks will be there and the common incidents of fraud are bank customer identity fraud, identity thefts, account takeovers and transaction fraud as digital banking involves banking activities that do not require face-to- face interactions,” Sea said.
In Singapore, its central bank, The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) introduced a set of additional measures this week to enhance the security of digital banking.
This, they said, is in view of the recent spate of SMS-phishing scams targetting bank customers.
The statement said, “MAS expects all financial institutions to have in place robust measures to prevent and detect scams as well as effective incident handling and customer service in the event of a scam.
“The growing threat of online phishing scams calls for immediate steps to strengthen controls, while longer-term preventive measures are being evaluated for implementation in the coming months.”
The statement said banks in Singapore, in consultation with MAS, will work to put in place more stringent measures within the next two weeks, including the removal of clickable links in emails or SMSes sent to retail customers and a delay of at least 12 hours before activation of a new soft token on a mobile device.
There will also be additional safeguards, such as a cooling-off period before the implementation of requests for key account changes such as in a customer’s key contact details as well as dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis, the authorities said.
Notably, customer vigilance is of paramount importance, according to MAS and ABS.
Research fellow at think-thank Centre for Market Education Liew Chee Yoong agreed that banks can tighten the security features of their banking and transaction systems to reduce the likelihood of fraud as well as aggressively educate their clients on how to protect against fraud and other banking security issues.
“On the issue of responsibility, unless it is proven that the bank had committed certain errors or there had been a lack of due diligence on their part which had allowed their clients to be cheated – both sides (customer and bank) have to be held responsible in the case of a scam.”
Even if the bank is at fault, providing compensation to the victims like in the case of OCBC Singapore, could just be a just a short-term measure, according to Liew.
“It is not an effective prevention measure in the long-run.
“If banks continuously practise this, it can create a moral hazard behaviour pattern among banking clients by giving them the impression that whatever happens to their banking accounts, the banks will compensate them,” he said.
“It will create complacency among banking clients which could then lead them to being less prudent and less careful when dealing with banking transactions.”
Liew pointed out that the relevant authorities, including Bank Negara, need to be stern against banks if they fail to prevent fraud from occurring via their systems and transactions.