SINGAPORE - A draft framework for the equitable sharing of losses suffered by scam victims has been delayed due to the complexity of the issues involved, the Monetary Authority of Singapore (MAS) said on Monday (July 18).
The financial sector regulator had announced in February that it is working with the industry on the framework, a month after OCBC Bank announced it would fully reimburse the $13.7 million lost by its customers in a recent spate of phishing scams.
MAS said then it would publish a draft framework for public consultation in three months' time.
"The process of developing the framework is, however, taking longer than expected in view of the complexity of the issues and the importance of ensuring that the loss sharing and accountability approach incentivises all key parties in the ecosystem to be vigilant against scams," MAS said on Monday.
"MAS is keenly aware of the importance of this framework and will publish the consultation paper as soon as possible," it added.
With the draft framework, MAS will seek public feedback on a final version that would spell out how losses from scams are to be shared between consumers and financial institutions, including the responsibilities of other key parties involved.
MAS had said then that OCBC's $13.7 million payout does not set a general precedent for future cases, and that all parties have responsibilities to be vigilant and to take precautions against scams.
The regulator is also leading a task force, called the Payments Council, to review practices that the financial industry can put in place to better protect consumers. This is said to include a review on how to apportion the liability of a fraudulent online transaction.
Since February, banks have had to put in place more safeguards to boost the security of online banking, such as removing clickable links in SMSes or e-mails sent to retail customers.
They also include a delay of at least 12 hours before activation of a new soft token on a mobile device, notification to a customer's existing mobile number or registered e-mail upon a request to change contact details, and dedicated customer assistance teams to deal with feedback on potential fraud cases on a priority basis.
The threshold for funds transfer transaction notifications to customers must also be set by default at $100 or lower, more frequent scam education alerts must be sent out, and additional safeguards such as a cooling-off period before implementation of requests for key account changes have to be enacted.
MAS and The Association of Banks in Singapore had also said that banks will continue to work closely with the police and the Infocomm Media Development Authority to deal with the phishing scams. This includes working on more permanent solutions to combat SMS spoofing, including adoption of the SMS sender ID registry by all relevant stakeholders.