'Kill switch' among anti-scam steps banks must take by Oct 31

Customers will be armed with an emergency "kill switch" to freeze their bank accounts if they suspect these have been compromised as part of fresh measures on the way to stop digital banking scams.

The measures will be implemented by Oct 31, said the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) yesterday.

They complement steps announced on Jan 19, which include the removal of clickable links in e-mails or SMSes sent to retail customers and having a delay of at least 12 hours before a new soft token on a mobile device is activated.

The additional measures include setting the default transaction limit for online fund transfers at $5,000 or lower a day.

Additional customer confirmation will be required to process significant changes to customer accounts and other high-risk transactions identified through fraud surveillance.

Fraud surveillance will be bolstered as well to take into account a broader range of scam scenarios.

Banks will also facilitate rapid account freezing and fund recovery operations by co-locating bank staff at the Singapore Police Force (SPF) Anti-Scam Centre.

To minimise the risk of clicking on fraudulent websites, bank customers are strongly encouraged to use mobile banking apps, as opposed to Web browsers.

"Banks will continue to enhance the functionality of their banking apps, and assist customers to make the transition towards greater use of these apps," said MAS and ABS.

An ABS standing committee on fraud, comprising the seven major local banks, will advance the work of the anti-scam task force established in 2020 to ensure sustained investment in the industry's anti-scam initiatives.

The ongoing anti-scam work of the industry will be formalised into five key areas covering customer education, authentication, fraud surveillance, customer handling, and recovery and equitable loss-sharing.

Customers can protect themselves against scams and stay updated on online banking hygiene practices by keeping up with scam advisories and alerts put out by the police, the National Crime Prevention Council, MAS and banks.

They should also use bank apps for their banking needs and not reveal their Internet banking credentials or passwords to anyone.

The fight against scams requires vigilance across the ecosystem, said Ms Ho Hern Shin, MAS deputy managing director of financial supervision.

"This further set of measures will strengthen customers' ability to protect themselves against digital banking scams. MAS will continue to work with other government agencies and financial institutions to strengthen our financial system's resilience against scams," she added.

A total of 790 people fell prey to phishing scams targeting OCBC customers between December and January, with losses tallied at $13.7 million.

The bank arranged for "full goodwill payouts" to all victims of these SMS phishing scams.

In February, OCBC rolled out the kill switch feature, which applies to all current and savings accounts, ATM access, debit and credit cards, and digital banking.

DBS and UOB had said in February that customers can freeze their credit cards through the banks' digital banking apps. The feature will be extended to bank accounts as well when all banks progressively roll out the "kill switch" service. Customers can activate the feature by calling the bank.

Mr Leong Ji Keet, 26, a university teaching assistant who is a DBS bank customer, said the success of the kill switch would depend on customers knowing that it exists and how to use it.

Streamlining the process of activating and executing the kill switch will be crucial so that false alarms are minimised and bank resources not wasted, said Mr Leow Kim Hock, Asia chief executive of cyber-security services provider Wizlynx Group.