Written Answer

Measures to Ensure Cashless Transactions Originating in Singapore are Encrypted and Secure

5 February 2018 · Prime Minister's Office

Speakers

Tharman Shanmugaratnam (Deputy Prime Minister and Coordinating Minister for Economic and Social Policies) Joan Pereira

Summary

This question concerns measures to ensure secure cashless transactions and contingency plans for network failures, as raised by Member of Parliament Ms Joan Pereira. Senior Minister Tharman Shanmugaratnam explained that the Monetary Authority of Singapore requires providers to use encryption, strong authentication, fraud monitoring, and transaction notifications to safeguard e-payments. To handle power or network disruptions, financial institutions must maintain backup power supplies and alternate telecommunications services to ensure business continuity. The Senior Minister noted that MAS conducts regular reviews to assess the effectiveness of these technology and business continuity controls. These protocols are designed to protect sensitive data and maintain service availability during technical or infrastructure disruptions.

Transcript

4 Ms Joan Pereira asked the Prime Minister (a) what are the measures in place to ensure all cashless transactions originating in Singapore are encrypted and secure; and (b) what are the contingency plans in place in the event of network breakdowns and power failures.

Mr Tharman Shanmugaratnam (for the Prime Minister): The Monetary Authority of Singapore (MAS) takes seriously the security of electronic payment transactions. Encryption is one of the safeguards against cyber threats and fraud concerning e-payments, but not the only one needed. The specific measures that payment service providers must put in place depend on the risks associated with different e-payment modes, and they include:

(a) strong authentication, such as the use of biometrics or dynamic passcodes, to verify customers' identity and to authorise electronic payment transactions;

(b) encryption to protect sensitive information against unauthorised access during data storage and transmission;

(c) fraud monitoring to facilitate timely detection and blocking of suspicious transactions; and

(d) transaction notification via short message service or email to alert customers when transactions exceed a specific threshold or when unusual payment behaviours are observed.

The contingency plans that have to be put in place for a network breakdown or power failure will depend on how each system is designed and the criticality of the service provided. Financial institutions (FIs) are required by MAS to have plans, such as back-up power supply or an alternate telecommunications service provider, to ensure continuity of service during disruptions.

MAS conducts periodic reviews of FIs to assess the adequacy of controls to manage technology and business continuity risks.