OCBC introduces new security measures, including lower default PayNow amounts

The new measures follow a spate of SMS phishing scams which saw nearly 470 customers lose $8.5 million last month. ST PHOTO: JASON QUAH

SINGAPORE - OCBC Bank has introduced a slew of new security measures, including sending instant fund transfer alerts to customers even when one cent is transacted.

It has also reduced the default daily limit for PayNow transactions from $5,000 to $1,000, the bank said in a statement on Friday (Jan 21).

Customers are able to adjust the daily limit for PayNow transactions to their needs, to a minimum of $100. The amount allowed to be transferred per transaction has also been reduced from the default of $1,000 to $200.

These measures follow a spate of SMS phishing scams which saw nearly 470 customers lose $8.5 million last month.

The bank has removed clickable links in marketing e-mails and SMS messages since Jan 11.

On Dec 31 last year, the bank also implemented a 24-hour cooling off period for digital token provisioning.

It added that it will implement the same 24-hour cooling off period for key account changes by Jan 31.

A dedicated customer service care team to handle customer queries and reports on fraud was also set up to assist customers who had fallen prey to the SMS phishing scams impersonating OCBC.

"This team has now been made permanent," the bank said on Friday.

"Our OCBC hotline (1800-363-3333) now contains a dedicated option for customers to escalate reports of suspected scams."

The bank added that it will continue its ongoing efforts to educate and inform customers about scams through its social media channels, e-mail, SMS, and on its website and mobile banking log-in pages.

"We would like to again remind consumers to be alert, protect their bank account log-in credentials, and to only perform banking transactions through the bank's official website and mobile banking apps."

The new measures are in line with an announcement by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on Wednesday, stating that all banks here will implement additional measures within the next two weeks.

MAS and ABS had called for a default threshold of $100 or lower for fund transfer transaction notifications and having a delay of at least 12 hours before the activation of a new digital token on a mobile device.

These immediate steps are needed to combat the growing threat of online phishing scams, MAS and ABS had said, and longer-term preventive measures are being evaluated for implementation in the coming months.

Other banks like DBS Bank have also started rolling out similar measures.

In an e-mail message to DBS customers, the bank’s managing director and head of its consumer banking group Jeremy Soo said DBS will immediately stop sending non-essential SMS messages to retail and wealth management customers, until further notice.

Customers will receive only essential SMS messages such as security and trade notifications and one-time passwords.

“Going forward, none of our SMSes will contain links, so please do not click on any links in SMSes that appear to be from DBS,” Mr Soo added.

Join ST's Telegram channel and get the latest breaking news delivered to you.