SINGAPORE - Phishing scams, including those targeting bank customers, have risen rapidly in frequency and sophistication in the wake of the Covid-19 pandemic, pushing the authorities in Britain to take stronger action to combat fraudsters.
New legislation could soon make it mandatory for banks in Britain to reimburse victims who have lost funds after being tricked into revealing their account details through fake websites and spoofed SMS messages, among other tactics, despite having exercised sufficient caution.
Other proposed rules would make it mandatory for major British banks to publish data on their performance in relation to these so-called authorised push payment (APP) scams, the levels of reimbursement given to victims, and information on which banks are being used to receive stolen funds.
Britain's Payment Systems Regulator (PSR), an independent watchdog, concluded a public consultation on the proposed measures last week. It is expected to publish a policy statement later this year.
APP scams involve fraudsters who pose as authority figures such as bank employees, the police or government officials.
They target victims through unsolicited SMS messages, phone calls or e-mails and trick or pressure them into revealing key information such as their Internet banking usernames, PINs and one-time passwords.
Once they obtain the information, the scammers can access the victims' accounts and drain them of funds within minutes.
Most major British banks have already adopted a voluntary code introduced in 2019, stating they will reimburse "no-blame" victims.
However, the Financial Ombudsman Service (FOS), set up by the British Parliament, reported last November that many scam victims were not being treated fairly by their banks.
The service said it had received about 30 per cent more complaints about APP scams from July to September 2021, compared with the same period in 2020. About three-quarters of these complaints were ruled in the consumers' favour, it added.
Case studies published on the FOS website showed that some victims had lost various amounts, ranging from a few thousand pounds to about £100 million (S$184 million).
In some instances, the FOS recommended additional payments on top of the lost funds after ruling that the banks had not done enough to stop their customers from losing money or had made mistakes that caused the victims greater distress.
Singapore has attracted its fair share of scams. According to police figures released at the end of August last year, victims lost $168 million to fraudsters using the top 10 most common types of scams in the first half of 2021. The amount was 2½ times that lost in the same period in 2020.
These included loan scams, e-commerce scams, job and investment-related scams and delivery tracking scams.
Some scams such as those involving fake SMS messages purportedly sent by banks spiked last month, particularly over the Christmas and New Year festive period.
In the latest example, nearly 470 OCBC Bank customers lost about $8.5 million in a spate of SMS scams last December.
OCBC has started to offer scam victims goodwill payments. But financial institutions are not legally obliged to do so in most cases where victims unwittingly but willingly give up sensitive data.
Even so, victims have several options for escalating their cases.
The Monetary Authority of Singapore recommends that consumers first seek help from the financial institutions, which are expected to deal with problems and feedback fairly, promptly and consistently.
If the victims cannot amicably resolve the problem with their banks, they can approach the Financial Industry Disputes Resolution Centre (Fidrec) to mediate the dispute.
Fidrec adjudicators can also decide on disputes if mediation fails. It has the power to make monetary awards of up to $50,000 in disputes between banks and consumers.
Consumers can also approach the Consumers Association of Singapore (Case), the Singapore Mediation Centre or the Small Claims Tribunals for help.
As a last resort, consumers can also take the bank to court.
