Enhancing Security of Digital Banking Following Recent Scams
Prime Minister's OfficeSpeakers
Summary
This question concerns multiple parliamentary inquiries regarding recent OCBC phishing scams, specifically focusing on strengthening digital banking security, reviewing liability frameworks, and enhancing anti-scam measures like the SMS SenderID registry. Members of Parliament sought information on victim recovery efforts, the potential mandate for 24-hour bank hotlines, and improvements to public education regarding digital resilience. Minister for Finance Lawrence Wong responded by seeking permission to address these questions through three Ministerial Statements at the following day’s sitting. These statements were to be delivered by Minister for Communications and Information and Minister-in-charge of Smart Nation and Cybersecurity Josephine Teo, Minister of State for Home Affairs Desmond Tan, and Minister for Finance Lawrence Wong. This consolidated response aims to provide a comprehensive overview of government actions to protect consumers and the integrity of Singapore's financial systems.
Transcript
The following question stood in the name of Ms Tin Pei Ling –
7 To ask the Prime Minister in view of the recent phishing scams affecting several OCBC customers (a) what other actions will be taken to help victims who have lost their life savings through phishing scams; (b) what will be done to enhance digital banking security across all banks in Singapore; and (c) whether there will be a rethink of the use of one-time passwords for banking transactions.
8 Ms Foo Mee Har asked the Prime Minister (a) what lessons can be learnt from the recent banking scams; and (b) how can consumers be better protected from such scams.
9 Dr Tan Wu Meng asked the Prime Minister with regard to phishing scams where fake messages have been inserted into SMS threads used by banks (a) whether the Government has data on (i) the number of customers who were affected (ii) their total losses (iii) the amount of funds recovered or reinstated and (iv) the number of customers who experienced delays in escalating this issue with their banks; (b) if so, what are they respectively since 2020; and (c) whether MAS will review how the interests of customers can be better balanced and safeguarded.
10 Mr Don Wee asked the Prime Minister with regard to the recent phishing scams via SMS notifications, what measures will the Government consider implementing to ensure the security and integrity of digital banking platforms, speedy detection of fraud and the remediation action to customers.
11 Mr Yip Hon Weng asked the Prime Minister (a) whether he can provide an update on the review of the liability framework on scam payment transactions; (b) whether the SMS SenderID protection registry will be mandated for all banks and, if so, when; and (c) whether MAS will consider mandating banks to have a dedicated 24-hour hotline manned by relevant personnel to respond to calls expediently about ongoing fraudulent activities.
12 Dr Tan Wu Meng asked the Prime Minister (a) whether there are any Government regulations requiring banks to (i) provide channels for bank customers to urgently alert that a scam or fraud involving their account is actively in progress (ii) have a daily 24-hour response team on standby for such incidents (iii) have a process for escalating such distress calls from customers and (iv) provide recourse to an affected customer who has suffered increased losses caused by delayed bank response; and (b) if so, what are these regulations.
13 Mr Desmond Choo asked the Prime Minister with regard to the recent spate of scams targeting consumers of financial institutions (a) when will MAS' review of the framework on responsibilities of consumers and financial institutions in relation to fraudulent payment transactions be released; and (b) whether MAS will consider implementing the recently released guidelines on technology risk as a directive or notice instead.
14 Mr Desmond Choo asked the Prime Minister (a) whether the Ministry will consider publishing a list of financial institutions that have signed up for the Singapore SMS SenderID protection registry pilot scheme; and (b) whether the Ministry will make it mandatory for all financial institutions to sign up for the registry and, if not, what are the reasons for not making it mandatory.
15 Ms Joan Pereira asked the Prime Minister (a) whether there are any guidelines requiring banks to call and check with their clients before allowing suspicious transactions; (b) whether banks will be encouraged to explore other secured procedures to verify their clients' identities without asking for these details over the phone; and (c) what other measures will be considered for implementation to plug this security gap.
16 Miss Cheng Li Hui asked the Prime Minister with regard to the recent spate of SMS phishing scams impersonating local banks (a) whether there are plans to introduce further safeguards in addition to the new requirements announced by MAS and the Association of Banks in Singapore on 19 January 2022; (b) what is the number of similar scams that are reported over the last five years; and (c) whether the Government will consider any outreach programme to educate the public.
17 Ms Hazel Poa asked the Prime Minister (a) what are the lapses that resulted in OCBC customers falling prey to the recent phishing scams; and (b) what measures will the Government take to prevent this from happening again.
18 Ms Hazel Poa asked the Prime Minister whether he will review the apportionment of liability between banks and their customers in cases of scams.
19 Assoc Prof Jamus Jerome Lim asked the Prime Minister (a) what regulatory actions have been recently taken by MAS on anti-phishing measures; and (b) whether the Government will convene a workgroup to review current legislation against financial scams with a view to strengthening consumer protection.
20 Assoc Prof Jamus Jerome Lim asked the Prime Minister (a) what was the date that OCBC first notified MAS that it was being subject to a sophisticated phishing operation; (b) what actions did MAS pursue to constrain the phishing operation since that time of notification; and (c) whether MAS has since investigated whether OCBC's cybersecurity standards are sound.
21 Ms Yeo Wan Ling asked the Prime Minister (a) how many victims of the recent spate of scams targeting OCBC customers are awaiting investigation results and reimbursement; (b) whether MAS has concluded their investigations; and (c) whether the Government will improve the legal and protective safeguards for scam victims who do not flout e-banking protocols, such as providing one-time passwords to external parties.
22 Mr Gerald Giam Yean Song asked the Prime Minister (a) whether MAS will consider introducing a legally-binding risk-based approach framework in tackling the security of digital banking as has been done in Notice 626 which deals with Money Laundering and Countering the Financing of Terrorism; and (b) whether MAS will consider implementing a customer risk profile assessment, based on objective assessment, to determine the level of controls that financial institutions maintain over a customer's account.
23 Mr Dennis Tan Lip Fong asked the Prime Minister with regard to the recent spate of OCBC scams via SMS notifications, what efforts has the Government taken to (i) assist in the recovery of monies lost to the perpetrators and (ii) locate the perpetrators with the assistance of foreign authorities with the view to bringing them to justice.
24 Mr Leon Perera asked the Prime Minister (a) whether MAS can mandate banks to (i) proactively monitor, flag out and pause transactions that have a significant likelihood of being connected with scams, based on clearly defined criteria, until verification of the customer's identity and (ii) provide customers with the option of setting a default cooling-off period for transactions beyond a specified quantum; and (b) in the ongoing review of the liability framework on fraudulent transactions, whether affected consumers can be assured of full compensation if they did not act with gross negligence.
25 Mr Gerald Giam Yean Song asked the Prime Minister whether financial institutions can be legally required to make at least a partial compensation to victims of online scams in order to place a greater onus on them to take all possible technical and customer education measures to prevent their customers from falling victim to scams.
26 Ms Joan Pereira asked the Minister for Communications and Information (a) whether there are any plans to require the mandatory pre-registration of alphanumeric SMS sender IDs for businesses and organisations; and (b) whether there will be plans to beef up telcos' defences against scams and spoof attempts.
27 Mr Alex Yam asked the Minister for Communications and Information (a) what is the Cyber Security Agency's (CSA) assessment of the recent spate of telecommunication scams targeting bank customers and others; and (b) how does CSA work with financial institutions to ensure our Critical Information Infrastructure is protected from any malicious attempts to undermine confidence.
28 Mr Alex Yam asked the Minister for Communications and Information (a) what is the Ministry's assessment of the impact of the recent telecommunication scams on the SG Digital Office's (SDO) efforts in promoting digital adoption; and (b) how does SDO intend to ensure the public remains confident in the security of their online transactions.
29 Assoc Prof Jamus Jerome Lim asked the Minister for Communications and Information (a) whether there have been any studies on the effectiveness of the Do Not Call (DNC) Registry for reducing the prevalence of unsolicited calls and text messages; (b) whether these measures of effectiveness also evaluate prevention of financial scams; and (c) what are the remaining challenges that inhibit the further reduction of unsolicited calls and texts despite the presence of the DNC registry.
30 Miss Cheng Li Hui asked the Minister for Communications and Information (a) what are the challenges posed to our efforts to educate Singaporeans and, in particular, our seniors on anti-scam precautions and measures; and (b) how does the Ministry intend to enhance its outreach to further strengthen digital resilience among Singaporeans.
31 Dr Shahira Abdullah asked the Minister for Health whether the Ministry will consider adopting for the health sector some of the cybersecurity measures recently announced by MAS and the Association of Banks in Singapore, such as removing clickable links in emails or SMSes, given the sensitivity of health data, the prevalence of scams and the vulnerability among some segments of the community to fall prey to such scams.
32 Mr Ang Wei Neng asked the Minister for Home Affairs (a) in the past five years, what is the number of scam-related crime; (b) whether the Ministry has plans to devote more resources to investigate scam-related crime; and (c) how is SPF working with banks and other agencies to reduce scam-related crime in Singapore.
Dr Tan Wu Meng (Jurong): Question No 7.
The Minister for Finance (Mr Lawrence Wong): Mr Speaker, Sir, may I have your permission to answer Oral Question Nos 7 to 32 as part of the three Ministerial Statements to be delivered by the Minister for Communications and Information and Minister-in-charge of Smart Nation and Cybersecurity Mrs Josephine Teo, the Minister of State for Home Affairs Mr Desmond Tan and myself, at tomorrow's Sitting.
Mr Speaker: Yes, you may.