Consumers can set own limits for e-payment alerts

Fraud is a rising concern as more people now use e-wallets (left) on their smartphones. The guidelines contain new measures to better balance risky user behaviour with the potentially large losses that financial institutions are exposed to.
Fraud is a rising concern as more people now use e-wallets (left) on their smartphones. The guidelines contain new measures to better balance risky user behaviour with the potentially large losses that financial institutions are exposed to.ST FILE PHOTO

Change in rule for unauthorised transactions from June 30

The Monetary Authority of Singapore (MAS) has revised a new rule that requires financial institutions to send alerts to consumers for every e-payment transaction above $0.01.

In its update issued yesterday, the MAS said consumers will be able to set their own notification limits instead. This is after receiving feedback from banks and users that the $0.01 transaction alert is too "onerous" and an overkill, The Straits Times understands.

The updated guidelines will come into effect on June 30 and will apply to banks and firms with widely-accepted stored-value facilities including EZ-Link and Nets. Grab and Singtel may come under the Payment Services Act, which will take effect as early as the end of this year.

Fraud is a rising concern as more people now use e-wallets such as PayLah, GrabPay, Singtel Dash and NetsPay on their smartphones.

First issued last September, the guidelines also contain new measures to better balance risky user behaviour with the potentially large losses that financial institutions are exposed to. From June 30, consumers can claim up to $1,000 from their banks if they are able to prove they are not negligent in any way that could have contributed to unauthorised transactions.

This threshold was set as e-wallets have a stored-value and transaction limit of $1,000 or less, and banks typically require more checks for transactions of more than $1,000.

This new measure will replace an existing blanket rule that allows consumers who may be careless, but not reckless, in contributing to unauthorised transactions to be liable for only up to $100. Careless behaviour includes misplacing a mobile phone or accidentally giving away passwords, and the onus is on banks to prove that users are reckless.

Under the new guidelines, however, users have to prove that they are not negligent. For instance, consumers are expected to monitor transaction notifications to spot suspicious activities early.

Under the new guidelines, however, users have to prove that they are not negligent. For instance, consumers are expected to monitor transaction notifications to spot suspicious activities early. Consumers must also have good cyber security habits such as installing the latest software updates on their mobile phones and computers used in e-payments.

Consumers must also have good cyber security habits such as installing the latest software updates on their mobile phones and computers used in e-payments. This includes not using a "jail-broken phone", in which a phone's firmware is altered without the manufacturer's approval.

Otherwise, consumers may be liable for unauthorised transactions.

As for financial institutions, the new guidelines require them to investigate transaction disputes quickly and provide detailed investigation reports within 21 days for straightforward cases, and 45 days for complex ones.

The new guidelines will not apply to scams or unauthorised payments made directly on credit, debit and charge cards as there are existing guidelines in place for these.

The Payment Services Act, which will take effect by the end of this year, will streamline the regulation of all payment services. MAS will consult the public on extending the e-payment guidelines to service providers under the Act in the upcoming months.

 

Ms Shirley Kin, 38, a financial consultant, said the current rule where consumer liability is capped at $100 provides greater peace of mind. "Under the new guidelines, the burden is on users to prove they are not negligent," she said.

Businessman Harry Chew, 49, agreed, saying: "If I don't update my iPhone 6's firmware because it slows down my phone, I'm already negligent?"

Correction note: MAS clarified that Grab and Singtel do not come under the e-payment guidelines that will kick in on June 30 even though they offer stored-value facilities.

A version of this article appeared in the print edition of The Straits Times on April 26, 2019, with the headline 'Consumers can set own limits for e-payment alerts'. Print Edition | Subscribe