Date: 2023-07-19

I refer to the new measures put in place by the Central Provident Fund (CPF) Board, Government Technology Agency (GovTech) and Singapore Police Force on malware-related scams involving CPF savings (Singpass face verification during CPF login for vulnerable members, June 30).

The agencies advised that downloading malware on the phone and turning on accessibility services allow scammers to take full control of the mobile device, including stealing banking credentials stored in the phone, remotely logging in to the victim’s banking apps, adding money mules as payees, raising payment limits and transferring monies out to money mules. The scammer can further delete SMS and e-mail notifications of fund transfers.

Additionally, the scammer may log in to a victim’s CPF account through Singpass to make a withdrawal and subsequently transfer the money out from that bank account using stolen banking credentials from the phone.

Banks should review the feature which allows customers to raise transfer limits beyond a certain amount digitally, as a safeguard against losses.

For the majority of ordinary citizens, transferring large amounts of savings from bank or CPF accounts does not occur frequently.

Banks should consider setting a default upper cap for daily transfers that can be done digitally by customers. For example, banks can determine a daily cap of $3,000. Should customers require transfers of larger amounts, they can either make multiple transfers over subsequent days, or raise the cap manually at bank outlets where physical verification can be conducted.

Bank customers who require transfers of higher amounts on a regular basis can make specific requests to banks to opt out of such caps. This would allow more opportunities for intervention, and prevent devastating losses to scams.

Foo Jong Liat