OCBC arranges for 'full goodwill payouts' to 790 customers who lost $13.7m to phishing scams

There have been no further fraudulent transactions in relation to the scam over the past few weeks. ST PHOTO: ALPHONSUS CHERN

SINGAPORE - A total of 790 people fell prey to phishing scams targeting OCBC Bank customers, with losses tallied at $13.7 million.

Singapore’s second-largest bank said on Sunday (Jan 30) that it has made arrangements for "full goodwill payouts" with all victims of the recent SMS phishing scam that impersonated the bank. 

There have been no further fraudulent transactions in relation to the scam over the past few weeks, it added.

"OCBC Bank's investigation has confirmed that victims who fell prey had provided their online banking log-in credentials and one-time PINs to phishing websites, thereby enabling the scammers to take over their bank accounts and make fraudulent transactions," it said on Sunday.

"Nonetheless, OCBC Bank decided to make the full payout as a one-off gesture of goodwill given the circumstances of this scam. We also took into consideration that our customer service and response fell short of our own expectations, that could have affected loss mitigation in some of the cases," it added.

The bank said it remains committed to ensuring customers' funds remain safe and will continue to improve its customer service and response.

Victims lost about 80 per cent of the $13.7 million during the year-end festive period from Dec 23 to Dec 30. The number of calls made to the bank's contact centre surged by more than 40 per cent during this period.

The police said last month that at least 469 people had fallen prey to phishing scams involving the bank, with reported losses totalling at least $8.5 million.

OCBC said on Sunday that those figures were based on police reports made by victims at the time, and more such reports were filed and submitted to the bank this month.

"In addition to those who had made police reports, we also reached out to victims who were not aware they had been scammed," said OCBC, noting that more than 200 customers were prevented from falling prey to scams due to its enhanced measures after the initial wave of scams.

The bank this month introduced a slew of new security measures, including sending instant fund transfer alerts to customers even when one cent is transacted.

It also removed clickable links in marketing e-mails and SMS messages, and reduced the default daily limit for PayNow transactions from $5,000 to $1,000.

On Dec 31 last year, the bank implemented a 24-hour cooling-off period for digital token provisioning. It added that it will implement the same 24-hour cooling-off period for key account changes by Jan 31.

These measures are in line with new requirements announced by the Monetary Authority of Singapore and The Association of Banks in Singapore on Jan 19.

Since this month, banks in Singapore have been required to put in place more stringent measures to bolster the security of digital banking, in view of the recent spate of SMS phishing scams.

Under the new rules, banks are also required to have dedicated customer assistance teams to deal with feedback on potential fraud cases, and send notifications to a customer’s existing mobile number or e-mail address for requests to change these details.

Correction note: This article has been edited for clarity.

Join ST's Telegram channel and get the latest breaking news delivered to you.