Consumers and small businesses wary of e-payments because they fear unauthorised transactions through their bank accounts can soon be assured they will not be held liable - as long as they keep the account details secure.
In new guidelines proposed yesterday, the Monetary Authority of Singapore (MAS) outlined the liabilities held by these customers in the event of unauthorised mobile transactions, and set out the banks' responsibilities in notifying customers of e-payments made so that account holders can keep track of digital fund flows.
The guidelines will apply to both individuals and small business owners, defined as "micro-enterprises" that either hire fewer than 10 staff, or make less than $1 million in annual turnover.
The move to have guidelines comes after Singapore launched PayNow, a free service offered by seven retail banks that enables mobile fund transfers through the recipient's mobile phone number or NRIC number.
Since the scheme was launched last July, more than a million users have registered with PayNow.
Account holders who are careful in protecting their accounts will not be liable for any unauthorised transactions, MAS said. This would mean such customers use strong passwords and tuck them away, and also install security patches regularly.
Consumers or small businesses found to be careless but not reckless in contributing to unauthorised, disputed transactions will be liable for up to $100. Such account-users may have misplaced a mobile phone or accidentally given away passwords.
But if the banks can prove that reckless behaviour by customers led to the unauthorised transactions, these people will then be liable for the actual loss.
When a "fat finger" transaction has occurred - that is, when a payment is made to a wrong person by accident - customers can work with the sending and receiving banks to have the funds returned in about a week's time.
MAS said banks should offer transaction notifications so that account holders can monitor their accounts. At the minimum, banks should SMS or e-mail account holders a consolidated list of all the e-payments in and out of their bank accounts at least once a day. The information should identify the recipient, as well as each transaction's amount, date and time.
The proposed guidelines are not mandatory, but MAS can make them enforceable under law.
The guidelines will also not apply to scams such as phishing. Such cases are referred to the police.
MAS is seeking public feedback on the guidelines until March 16. It plans to publish the guidelines in the first half of this year.