Preventing Phishing Scams and Seeking Redress from Financial Institutions through Shared Responsibility Framework

2 Mr Zhulkarnain Abdul Rahim asked the Prime Minister and Minister for Finance what are the measures or plans to raise public awareness on the steps that the public can take to prevent scams or to seek redress from financial institutions upon the implementation of the Shared Responsibility Framework for phishing scams.

Mr Gan Kim Yong (for the Prime Minister): I will take Questions Nos 11 and 51 raised by Mr Desmond Choo and Mr Yip Hon Weng respectively, as well as written Parliamentary Question filed by Mr Zhulkarnain Abdul Rahim in today's Order Paper as they pertain to the Shared Responsibility Framework (SRF). [Please refer to "Adjustments to Cooling-off Period for Digital Security Token Activation Based on High-risk Activities and Enhancing Fraud Surveillance Thresholds", Official Report, 12 November 2024, Vol 95, Issue 146, Oral Answers to Questions section.]

Members asked about possible refinements to SRF duties, measures to help customers; particularly, seniors or the less tech-savvy to navigate and seek redress under SRF as well as efforts to raise public awareness on scams.

I will, first, respond to the Question on the 12-hour cooling period upon activation of a digital security token. This is a minimum period that financial institutions (FIs) must apply to specified high-risk activities once a customer has activated a digital security token on his or her mobile device. High-risk activities are typically performed by scammers during an account takeover to transfer funds without a customer's knowledge. The 12-hour minimum period, thus, gives customers sufficient time to act on abnormal activities in their account, while balancing inconvenience to customers from undue friction to legitimate activities.

Next, on real-time fraud surveillance duty. In calibrating the threshold, we must strike a balance between protecting consumers and the inconvenience posed to consumers conducting legitimate transactions. SRF introduces a requirement to block or hold transactions above the prescribed perimeters. Setting a lower value could generate too many false alerts and result in inconvenience to the majority of customers. That said, the Monetary Authority of Singapore (MAS) expects banks to take into account other factors, such as a consumer's profile and potential vulnerability to scams as well as their spending patterns, as part of their holistic approach towards fraud surveillance. These go beyond what is set out under SRF, which is an accountability framework designed with discrete, objective and verifiable duties for FIs and telecommunication companies (Telcos).

I will now address questions about operationalising SRF. A victim who qualifies for a claim assessment under SRF should contact his or her FI immediately and report the incident to the Police. In the case of a phishing scam within SRF, FIs will coordinate their investigation with Telcos, as necessary. Upon completion of an SRF-related case investigation, FIs will provide a written reply to the customer on the outcome of the investigation. If there is a breach of any SRF duty by the FI or Telco, they are expected to provide payouts to the customer. If the customer does not agree with the investigation outcome, he or she may seek further recourse, such as via the Financial Industry Dispute Resolution Centre.

Raising public awareness remains key in the fight against scams, particularly for vulnerable groups. The Government recently consolidated anti-scam resources into a one-stop portal, the ScamShield Suite, to equip members of the public with anti-scam resources. MAS and banks also partner other Government agencies, such as the Silver Generation Office and People's Association, to include anti scam-related content in their outreach to seniors. MAS and banks will continue to step up these efforts to expand our outreach.