Singapore Takes Aim At APP Fraud

January 24, 2022
<
Back
The Monetary Authority of Singapore and the Association of Banks in Singapore have introduced new measures to bolster the security of digital banking, in view of the recent spate of SMS-phishing scams targeting bank customers.

The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) have introduced new measures to bolster the security of digital banking, in view of the recent spate of SMS-phishing scams targeting bank customers.

The country’s financial institutions are due to work with the MAS over the next two weeks to create new standards that could reduce the risk of phishing scams that are being used to make Singaporean bank customers initiate authorised push payments (APP).

Recently, OCBC bank customers were hit by an SMS scam, leading to a public apology from the chief executive, Helen Wong, as well as an agreement to make goodwill payments to all who had been affected.

Now, all institutions are set to remove clickable links in emails and text messages sent to retail customers, in a move aimed at tackling a rise in phishing attacks that have plagued the city-state.

As well as removing links, the MAS also wants financial institutions to:

  • Create a threshold for $100 or lower for funds transfer transaction notifications to customers to be set by default.
  • Establish a delay of at least 12 hours before activation of a new soft token on a mobile device.
  • Make banks send notifications to existing mobile numbers or emails registered with their customer whenever the latter requests to change of mobile number or email address.
  • Set up additional safeguards, such as a cooling-off period before implementation of requests for key account changes such as in a customer’s key contact details.
  • Ensure dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis.
  • Create more frequent scam education alerts.

Although the MAS concedes that this will lengthen the time taken for payments to be completed, it deems it necessary to ensure consumers are better protected.

“The threat of scams will not go away, but we can reduce our vulnerabilities. This requires a multi-pronged response across the ecosystem,” said Ravi Menon, the managing director at the MAS.

Meanwhile, the ABS has insisted that the banking industry will continue to strengthen consumer protection measures. “We also ask that the public stay vigilant given that scams continue to evolve and are executed quickly. We remain committed to upholding the confidence with which customers can transact online safely, while still maintaining a high level of service,” said ABS chair Wee Ee Cheong.

APP fraud is an issue that UK payments players know all too well, and it has caused a headache for regulators and institutions alike.

According to UK Finance, £355m was lost to APP scams in the first half of 2021, overtaking card fraud losses for the first time, and the issue has become so potent that it has reached the Houses of Parliament.

The UK’s Payments Systems Regulator is currently consulting on the issue, and the proposals that have been suggested by the regulator include the publication of fraud data by financial institutions, improving scam prevention tactics and reimbursing victims.

Some politicians and campaign groups have suggested that the voluntary reimbursements for APP fraud should be made a legal requirement.

Our premium content is available to users of our services.

To view articles, please Log-in to your account, or sign up today for full access:

To read more articles like this, along with gaining access to the tools that will help you navigate compliance risk with confidence, request a demo of our RegTech platform today.

Related articles

March 14, 2025

Regulatory Influencer: European Union's Approach to ICT Incident Reporting

In recent weeks, the European Commission has published two significant regulations under the Digital Operational Resilience Act (DORA) which will contribute towards firms’ compliance efforts, standardising reporting of major ICT-related incidents and cyber threats. The first, Commission Delegated Regulation (EU) 2025/301, sets out technical standards for the content and timing of mandatory incident reports and voluntary cyber threat notifications. It sets out classification criteria, reporting deadlines and required details, such as impact assessments, remediation efforts and communication with authorities. Meanwhile, Commission Implementing Regulation (EU) 2025/302 provides standardised templates, forms and procedures for reporting. This regulation mandates uniform reporting formats, secure submission channels and requirements for complete and updated information. Both regulations, published in the Official Journal of the EU, took effect on March 11, 2025, 20 days after entering the statute book.
Read article
March 14, 2025

Week In Crypto: US Stablecoin Battle Heats Up As House, Senate Reintroduce Bills

Although US lawmakers appear to be aligned on the need for federal stablecoin legislation, they are no closer to an agreement on which bill should prevail and what provisions it should include.
Read article

Opt in to hear about webinars, events, industry and product news

Gambling Compliance

Learn more

Payments Compliance

Learn more
Still can’t find what you’re looking for? Get in touch to speak to a member of our team, and we’ll do our best to answer.
Contact us
No items found.
Bank Accounts
Mobile Payments
Singapore

Please choose your preferred
service to log in to.

GamblingCompliance
PaymentsCompliance
Don’t have an account?