Reports of Unauthorised Bank Transaction taking Place despite Absence of Alerts on Customer's Telephone Records

24 Dr Tan Wu Meng asked the Prime Minister (a) whether there are claims filed with the Financial Dispute Resolution Centre which involve an unauthorised bank transaction reportedly taking place and the bank has assessed that the One-Time Password (OTP) SMS messaging was used, but the customer's telephone operator records do not show transmission or receipt of such SMS OTP; and (b) whether there are other avenues available for these customers to seek redress.

The Minister of State for Trade and Industry (Mr Alvin Tan) (for the Prime Minister): Sir, the scenario Dr Tan described is quite rare: where an unauthorised bank transaction took place and where the bank assessed that the One-Time Password (OTP) SMS messaging was used, but that the customer's telephone operator records did not show transmission to or receipt by the customer of such an SMS OTP. The Singapore Police Force has not received any such report since 2021. The Financial Industry Disputes Resolution Centre (FIDReC) is aware of two cases since July 2022 where the use or receipt of SMS OTP by the customer is disputed.

When customers suspect that they have fallen for a scam or are alerted by the bank to unauthorised transactions involving their account, they should immediately contact the bank or activate the kill switch that the banks provide to freeze their accounts. They should also report such fraudulent activities to the Police.

MAS expects banks to treat customers fairly in all cases of disputes over unauthorised transactions. The banks must consider, one, whether they have fulfilled their obligations, and two, whether customers have done their part to protect their accounts. Depending on the outcome of the banks’ investigations, they may offer goodwill payment to customers.

Any customer may, if they wish, lodge the dispute with FIDReC for mediation and adjudication. If they are not satisfied with the FIDReC outcome, they can consider seeking legal advice on whether to pursue their case in Court.

Mr Deputy Speaker: Dr Tan Wu Meng.

Dr Tan Wu Meng (Jurong): I thank the Minister for his answer. I have got two supplementary questions.

Firstly, what is the process for handling disputes where the bank has assessed, based on their own records, that SMS OTP was used to validate the transaction, especially if the bank says SMS OTP by definition means it was legitimate, yet the customer is able to provide evidence, testimony from the telco that may suggest a different assessment of what happened? Is there a process for having this review besides FIDReC or does the bank have the final say on this question?

Secondly, Mr Deputy Speaker, can I also ask the Minister of State what is being done to prepare not just for the last war on scams but the next one?

A year ago, in February 2022, I asked in Parliament about the risk of emerging deepfake audio and video calls. Since then, there have been potential cases in the United States of deepfake audio voice calls. Can I ask the Minister whether the proposed equitable framework for sharing of losses will look at such emerging risks and will it also consider my previous suggestion on the difference between a customer making a forced error – for example, with a deepfake – versus an unforced error?

Mr Alvin Tan: Sir, I thank the Member for his two supplementary questions.

Let me take the second one with regard to the rapidly evolving nature of scams and the use of new technologies. We know that the techniques employed by scammers are constantly evolving and also gaining in sophistication with the use of differentiated technologies and this also thus requires a multi-pronged response across our ecosystem to strengthen our collective mechanisms and resilience against scams. The Monetary Authority of Singapore (MAS) will continue to work closely with our ecosystem partners, including the banking industry and other Government agencies. For example, MAS is working with banks to allow customers to verify genuine calls from banks. Banks are also exploring expanding the use of biometric technology with liveness test in addition to passwords and OTP as a means of authentication.

Members of the public can also play their part. Please install Scamshield; do not divulge your Internet banking credentials or passwords to anyone; be suspicious of unsolicited messages or calls that you receive and also verify calls received by calling the bank directly on the hotline listed on the official websites or cards.

For the first question, I will refer the Member to my main reply to the Parliamentary Question (PQ).

But for the questions with regard to the equitable sharing of losses, Dr Lim Wee Kiat has filed a PQ on that matter for this Sitting and we will address this issue in response to that PQ.

Mr Deputy Speaker: Mr Gerald Giam, a very short clarification or supplementary question because we are going to be running out of Question Time very soon.

Mr Gerald Giam Yean Song (Aljunied): Just a very quick supplementary question. When is MAS going to require the banks to use more secure methods besides SMS OTP, for example, using the app-based OTPs?

Mr Alvin Tan: The short answer is that MAS is working with the banks on a variety of authentication measures, including SMS OTP, and they are experimenting with different users as the technology evolves.

12.29 pm

Mr Deputy Speaker: Order. End of Question Time. Clarification by the Minister of State Sun Xueling.

[Pursuant to Standing Order No 22(3), provided that Members had not asked for questions standing in their names to be postponed to a later Sitting day or withdrawn, written answers to questions not reached by the end of Question Time are reproduced in the Appendix.]