SINGAPORE (CNA) – OCBC’s recent goodwill payouts to fully cover scam victims’ losses were a “one-off gesture by the bank in the circumstances” and do not set a general precedent for future cases, said the Monetary Authority of Singapore (MAS) yesterday.
Hundreds of OCBC Bank customers fell prey to online phishing scams last month, with the bank saying all affected customers will get “full goodwill payouts”.
The payouts included the bank’s consideration of how it had not met its own expectations of customer service and response, said MAS.
Banks in Singapore have “substantially implemented” additional measures announced last month to bolster the security of digital banking, added the authority.
Following the spate of SMS phishing scams targeting bank customers, several immediate steps were put in place to strengthen controls.
These include the removal of clickable links in SMSes or emails sent to customers, setting a default threshold of SGD100 or lower for funds transfer transaction notifications and having a delay of at least 12 hours before the activation of a new soft token on a mobile device.
MAS is working with the industry to evaluate longer-term measures to be implemented in the coming months. It is also developing a framework for the equitable sharing of losses arising from scams.
The Payments Council, chaired by MAS, has been working since July 2021 on a framework that aims to provide clarity on how losses arising from scams are to be shared among consumers and financial institutions.
“Under the framework, all parties have responsibilities to be vigilant and to take precautions against scams,” said MAS.
The banking regulator also said that financial institutions have the responsibility to protect their customers, such as through “robust controls” to safeguard customer accounts, and “effective measures to detect and respond to suspicious transactions”.
On their end, customers also have the responsibility to take necessary precautions, by not giving away their personal or banking credentials to anyone, not clicking on links in SMSes or emails that claim to be sent by a bank, and transacting only through the bank’s official website or mobile application.
“The proportion of losses each party bears will depend on whether and how the party has fallen short of its responsibilities,” said MAS.
It added that financial institutions should bear an “appropriate proportion of losses” arising from scams, but also take care to ensure that compensation paid to customers does not weaken their incentive to be vigilant.
The authority plans to publish the framework for public consultation within the next three months.
“Other than the sharing of losses, the consultation will also cover the responsibilities of other key parties in the ecosystem,” said MAS.