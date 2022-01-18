OCBC Bank said yesterday that it has started making goodwill payments since Jan 8 to customers who lost funds from their bank accounts in a recent spate of SMS phishing scams.

More than 30 customers have received the payments so far.

The Monetary Authority of Singapore (MAS) said yesterday that OCBC will also conduct a thorough probe to identify the deficiencies in its processes and implement the necessary measures to address them, following which MAS will consider the appropriate supervisory actions.

"MAS takes a serious view of the recent phishing scams involving OCBC Bank. They have significantly impacted several customers," said Ms Ho Hern Shin, MAS' deputy managing director for financial supervision. MAS expects "all affected customers to be treated fairly", she added.

OCBC said the payouts to affected customers are made on a goodwill basis after thorough verification, taking into account the circumstances of each case.

It added that customers will be contacted as soon as the review and validation process for their cases are completed.

Nearly 470 customers lost at least $8.5 million in fraudulent fund transfers last month after scammers posed as OCBC and sent SMSes to victims with links to phishing sites.

When asked by The Straits Times, the bank did not reveal how much it has paid out or if it intends to fully compensate every victim.

As investigations into the cases are extensive, involving multiple checks and parties, the bank said that it needed more time to get back to affected customers to address their concerns.

"I sincerely ask our customers to allow us the time to conduct a thorough review and validation before we inform them of the payouts," said OCBC Bank group chief executive Helen Wong.

"We seek our customers' patience and understanding as investigations are complex, and we apologise that our response fell short of our customers' expectations during their time of distress."

Some victims claimed that the bank took a long time - 20 minutes or more in some instances - to respond to their calls for help after they noticed suspicious activities.

By the time the bank was able to act, the victims had lost much of their funds.

MAS said it has been following up with OCBC on issues relating to the incident, including its incident response and customer service.

Many victims reportedly fell for the ruse because the fake SMSes were grouped by their phones with legitimate messages previously sent by the bank for one-time passwords and transaction alerts.

This happened as the scammers had spoofed the OCBC name used for sending out official SMSes.

Victims had clicked on a link in the SMS messages, which led them to a bogus bank website where they keyed in their Internet banking account login details.

With the details, including the one-time passwords, the fraudsters made fund transfers, in some cases wiping out victims' life savings.

OCBC said yesterday that the scam, which it described as "particularly aggressive and highly coordinated", preyed on people's fear that there was an issue with their bank accounts or credit cards.

Past cases of SMS phishing scams largely targeted consumers with "too good to be true" deals.

OCBC also sought to address criticism from some customers who claimed they did not receive sufficient warnings on the scams.

It said it has issued customers multiple alerts and warnings since Dec 3, via its website, Internet and mobile banking login pages, e-mail and social media channels.

It also issued media advisories on Dec 23 and Dec 30, and SMSes to all customers on Dec 30 and Jan 4.

Ms Ho said yesterday that "MAS expects all financial institutions to have robust measures for fraud prevention, detection and remediation, and to provide prompt assistance to customers who have been victims of scams".

The regulator is working with the Association of Banks in Singapore on industry-wide measures that may need to be taken "to ensure that digital banking remains secure, efficient and trusted".