Adjustments to Cooling-off Period for Digital Security Token Activation Based on High-risk Activities and Enhancing Fraud Surveillance Thresholds

11 Mr Desmond Choo asked the Prime Minister and Minister for Finance in respect of the Shared Responsibility Framework which requires financial institutions to impose a cooling-off period upon activation of digital security tokens (a) whether MAS can consider extending or adjusting the cooling-off period based on the type of high-risk activities to prevent rapid fund depletion; and (b) whether there are plans to enhance the real-time fraud surveillance threshold of more than half of a balance of at least $50,000 in the detection of rapid draining of accounts to cover smaller but significant losses.

51 Mr Yip Hon Weng asked the Prime Minister and Minister for Finance in respect of the Shared Responsibility Framework (SRF) (a) what measures are in place to assist more vulnerable residents, such as seniors or less tech-savvy individuals, in navigating the SRF and avoiding scams effectively; and (b) whether the Ministry can provide more details on how payout decisions will be communicated to scam victims under the SRF for transparency in the criteria used for reimbursement.

The Minister of State for Culture, Community and Youth and Trade and Industry (Mr Alvin Tan) (for the Prime Minister and Minister for Finance): Mr Speaker, may I have your permission to take Question Nos 11 and 51 raised by Mr Desmond Choo and Mr Yip Hon Weng respectively, as well as written Question filed by Mr Zhulkarnain Abdul Rahim in today's Order Paper as they pertain to the Shared Responsibility Framework, or SRF, please?

Mr Speaker: Please go ahead.

Mr Alvin Tan: Thank you, Mr Speaker. Sir, Members asked about possible refinements to SRF duties, measures to help customers, particularly seniors or the less tech-savvy, to navigate and seek redress under SRF, as well as efforts to raise public awareness on scams.

I will first respond to the question on the 12-hour cooling period upon activation of a digital security token. This is a minimum period that financial institutions (FIs) must apply to specified high-risk activities once a customer has activated a digital security token on his or her mobile device.

High-risk activities are typically performed by scammers during an account takeover to transfer funds without a customer's knowledge and this 12-hour minimum period thus gives customers sufficient time to act on abnormal activities on their account, while balancing inconvenience to customers from the undue friction to legitimate activities.

Next, on real-time fraud surveillance duty. In calibrating this threshold, we must strike a balance between protecting consumers and the inconvenience posed to consumers conducting legitimate transactions. SRF introduces a requirement to block or hold transactions above the prescribed perimeters. Setting a lower value could generate too many false alerts and result in inconvenience to the majority of customers.

That said, the Monetary Authority of Singapore (MAS) expects banks to take into account other factors, such as a consumer's profile and potential vulnerability to scams, as well as their spending patterns, as part of their holistic approach towards fraud surveillance. These go beyond what is set out in the SRF, which is an accountability framework designed with discrete, objective and verifiable duties for FIs and telecommunication companies, or telcos.

Sir, I will now address questions about operationalising the SRF. A victim who qualifies for a claim assessment under the SRF should contact his or her FI immediately and report the incident to the Police. In the case of a phishing scam within the SRF, FIs will coordinate their investigations with the telcos as necessary. Upon completion of any case investigation, including an SRF-related case, the FI will provide a written reply to the customer on the outcome of the investigation.

If there is a breach of any SRF duty by the FI or the telco, the FI or telco is expected to provide payouts to the customer. If the customer does not agree with the investigation outcome, he or she may seek further recourse, such as via the Financial Industry Dispute Resolution Centre, or FIDReC.

Raising public awareness remains key in the fight against scams, particularly for vulnerable groups. The Government recently consolidated anti-scam measures and resources into a one-stop portal, the ScamShield Suite, to equip members of the public with anti-scam resources. MAS and banks also partner other Government agencies, such as the Silver Generation Office and People's Association, to include anti scam-related content in their outreach to seniors. MAS and our banks will continue to step up these efforts to expand our outreach.

Mr Speaker: Mr Choo.

Mr Desmond Choo (Tampines): Mr Speaker, I have two supplementary questions for the Minister of State. First, I think we do want thank MAS and the Ministry of Finance (MOF) teams. It is not easy to put up all the defences against scams. Perhaps, the Minister of State and MOF could give an update on the progress of the different measures and what we can look forward to.

The second one is on the threshold of $50,000. To some of the lower-income residents or the depositors, $50,000 is a fairly high threshold and many of them will not have that kind of savings. You quickly deplete it, you will run out of all savings. Many of us would have seen it during our Meet-the-People Sessions.

Banks do have the data across different bank accounts about how much per person will have in totality. Is there a possibility that the threshold can be set lower automatically for those lower-income residents, so that we can safeguard whatever savings that they have? Or MAS or MOF can allow an opt-in option for these residents, or the children of these lower-income residents, to help them to get onto this, so that they can get these notifications or the 24-hour delay much easier?

Mr Alvin Tan: Sir, I thank Mr Desmond Choo for his supplementary questions. For the second question, with regard specifically to the fraud surveillance duty, as I mentioned earlier, the banks have to make a balance between what is convenient and what is doable. Setting a lower value could generate too many false alerts and result in inconvenience to consumers or customers who have legitimate transactions.

But I take the Member's point that some seniors, for example, or maybe other customers, would have lower amounts in their accounts. In this case, the fraud surveillance duty for banks, the parameters are, in fact, taken as our baseline expectations. These are baseline expectations and, in fact, what they will be held to, as part of the SRF's fraud surveillance duty.

Banks also have their own internal surveillance systems and parameters, and they may choose to go under this $50,000. But this $50,000 threshold is prescribed for the purpose of, as I mentioned earlier, the SRF's fraud surveillance duties, which if they do not meet as a baseline in a phishing scam, then the banks will have to pay out.

So, this is a baseline. Banks have to meet this at the minimum. If they do not, if it is a part of phishing scam, they will have to compensate.

To the first question by the Member, I think it is important to also take into account that there is a broad suite of measures – upstream and also downstream measures – that Government, financial institutions, telcos, as well as other players in this broad ecosystem, have progressively implemented to tackle scams. I thank the many Members here who have contributed to many of the suggestions that we have put together.

Third, SRF is one of this suite of measures. There is a 12-hour cooling period. You have notification alerts now. You have the reporting channel which is manned 24/7. You have kill switches available to customers. And also, you have the real-time fraud surveillance.

But beyond that, banks have put in place the detection of the side-loading of apps containing malware – that has reduced malware scams significantly. We have MoneyLock, which we have discussed in this House. We have ScamShield, which we have now consolidated into the ScamShield suite. Also, thanks to many of the feedback, banks have also taken a more forward-leaning approach in assessing goodwill payments for customers affected by malware scams.

Yesterday, Minister of State Sun Xueling mentioned about the Protection from Scams Bill, which will allow the Police to order banks to restrict potential scam victims' banking transactions. This is to better protect targets who refuse to believe they are being scammed.

We are also being more forward-leaning. In fact, MAS is now studying stronger, out-of-band authentication solutions beyond the SRF to enhance defences against unauthorised phishing transactions.

In all, MAS, MHA and the financial institutions, telcos, the ecosystem players will work together to mitigate the risks of other scam types like malware-enabled scams and that includes holding ecosystem players accountable where necessary. So, this is a broad measure. We are constantly evaluating different suggestions and proposals. You will see that we will put these together in our consolidated suite to tackle this scam scourge.

Mr Speaker: Mr Yip Hon Weng.

Mr Yip Hon Weng (Yio Chu Kang): Mr Speaker, I thank the Minister of State for his reply. The focus of my supplementary question is on seniors and less tech-savvy individuals as they are more susceptible to scams. I know many Members have seen many residents who come to their Meet-the-People Sessions about such issues.

Given that seniors and digitally vulnerable groups are often targeted by scams, has the MAS considered perhaps faster reimbursement processes, specifically for these groups? And secondly, many of them are non-English speaking. Are there efforts to communicate the SRF in multiple languages to inform these residents of the details of the SRF, especially on payout decisions?

Mr Alvin Tan: I thank Mr Yip Hon Weng for his suggestions. Indeed, seniors and the less tech-savvy are of great concern to Government, and that is why we are stepping out these outreach efforts on the upstream to explain what measures are available, but also to work with organisations like the Silver Generation Office as well as the People's Association to get that message out.

We have also worked with the banks so that now they are taking a more forward-leaning approach with regard to goodwill payments. You will see that that has been happening as well.

But as I mentioned to Mr Desmond Choo in response to his supplementary question earlier on, these are all suites of measures of which communication, particularly to the more vulnerable group, is a key part of our approach.