Is the customer or bank responsible for fraudulent transactions in Singapore?

Both customers and banks have a duty not to facilitate fraud on the customers' bank accounts. PHOTO: ST FILE

SINGAPORE - While technology has made faster transfers of money possible, it has also facilitated scammers in carrying out fraudulent transactions.

In the first six months of this year, $102 million was lost to various scams.

Bank-related phishing scams are of particular concern as the number of cases surged more than 20-fold to 898 in the first half of this year, from just 34 in the same period last year.

The total amount lost rose to $3.6 million in the first half of this year, from $93,000 for the same period last year.

Both customers and banks have a duty not to facilitate fraud on the customers' bank accounts.

The Straits Times spoke to lawyer Steven Lam of Templars Law, banks, the police, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore, to find out the responsibilities and extent of liabilities of customers and banks.

Q. Say I had received a call from a scammer who claimed to be from my telecoms provider and offered to help me resolve my Internet issues. I was tricked into giving him remote access to my laptop and also access to my bank accounts. When I realised that something was amiss, I hung up and immediately reported the incident to the bank. Can the bank stop the funds transfer entered by the scammer?

A. Unlikely, because most funds transfers are carried out instantly.

Said OCBC Bank's head of group corporate security, Mr Francisco Celio: "When transactions are authorised by our customers via online banking, though at times fraudulently through scammers, the transactions will be processed almost immediately. Therefore, it is often difficult to stop the transfer. While we will assist our customers to promptly submit a funds recall as soon as OCBC is alerted to the transaction, our ability to recall the funds is dependent on the response of the receiving bank."

Q. If banks cannot suspend the fraudulent transaction, why do I need to alert the bank immediately when I realise that I have been scammed?

A. Bank staff can immediately disable your online banking access and cards to prevent scammers from carrying out further fraudulent transactions.

Q. If the fraudulent funds transfer is not immediate and takes two to three business days to complete, can my bank stop the transaction?

A. Technically, once an instruction is given, the funds will be debited from your account. Even though it has not reached the recipient's bank, it has effectively left yours. The funds could be transferred to an interim bank before reaching the recipient's bank account. It would be difficult to intercept the transaction as the interim bank has an obligation to pass the funds to the recipient's bank.

Q. Can the Singapore police help me to recover my funds?

A. Yes, if the funds are transferred to a local beneficiary bank account and the funds are still residing within that bank account. Police can issue an order to freeze the beneficiary account to prevent any dissipation of funds. Upon completion of investigations, the police will seek a court order for the funds to be returned to the rightful owner.

Q. Can Singapore police help me to recover my funds transferred to an overseas bank?

A. The chances of recovery are often slim, even though the police will work with international partners to trace the money.

Q. If I report an unauthorised transaction to my bank, when can I expect a resolution?

A. Your bank should complete an investigation of any relevant claim within 21 business days for straightforward cases, and up to 45 business days for complex cases.

Q. Suppose I had received a call from a scammer who claimed to be a bank employee. He instructed me to log into my bank account and tricked me into making a fund transfer to another bank account. Does my bank have a duty to recover the funds for me?

A. The bank's liability will depend on whether the transfer happened as a result of the bank customer's negligence, said lawyer Steven Lam.

"In this case, the negligence is on the part of the bank account holder. Contractually, the bank doesn't have to bother. But most banks will still try their best to recover the funds for the account holder."

The MAS said consumers are generally liable for losses from transactions that they had authorised, even if they subsequently find out that they had been tricked into doing so.

Q. If my bank account was hacked and my savings were depleted, do I have to bear the losses?

A. Yes, if it is ascertained that the primary cause was recklessness on your part, such as failing to protect your access code.

But if it is proven that the security breach is on the bank's part, the bank would usually bear the losses, said Mr Lam.

Q. What is the bank's duty of care to me?

A. A bank's duty of care is contractual in nature. A lot of duty is imposed on the customer.

The MAS has issued the E-Payment Guidelines to protect users of electronic payments.

The guidelines set out the responsibilities of banks. For instance, banks are expected to provide real-time transaction notifications and a reporting channel, so that you may be alerted to unauthorised transactions and report them should they happen.

Bank customers would also need to take reasonable steps to protect their own interests. These include adopting good security practices such as protecting your device, login credentials and access codes.

Join ST's Telegram channel and get the latest breaking news delivered to you.