Reports of Unauthorised Online Banking Transactions and Proportion that Involves Suspected Mobile Device Hacking
Ministry of TransportSpeakers
Summary
This question concerns MP Dr Tan Wu Meng’s inquiry into the annual volume of unauthorized online banking transactions and the recourse available to victims of mobile device hacking. Minister for Transport Ong Ye Kung stated that cases rose from 114 in 2018 to 1,848 in 2020, with investigations ongoing into transactions where one-time passwords were not disclosed. Banks have implemented precautionary measures like transaction limits for disputed merchants, and consumers will not bear financial losses if unauthorized transactions result from bank lapses rather than consumer negligence. Victims must immediately file a police report and contact their bank to ensure prompt investigation while maintaining good cyber hygiene such as updating security software. The government stresses that multi-factor authentication cannot eliminate all scams, so consumers must safeguard their login information and passwords as they would their ATM PINs.
Transcript
17 Dr Tan Wu Meng asked the Prime Minister (a) over the past three years, how many reports have been made annually by consumers regarding unauthorised online bank transactions; (b) in what proportion of cases is there two-factor authentication (2FA) by token and SMS one-time password respectively; and (c) what is the recourse for consumers who suspect that they are victims of cybercrime or mobile device hacking leading to the unauthorised bank transactions.
The Minister for Transport (Mr Ong Ye Kung) (for the Prime Minister): In 2020, the Police received 1,848 reports of unauthorised online banking and card transactions involving criminals phishing for banking and card details from the victims before performing these unauthorised transactions. The cases are, unfortunately, on an upward trend. In 2018 and 2019, there were 114 and 329 cases respectively. I think this really reflects the advent and the growing number of electronic transactions that we are seeing.
The Monetary Authority of Singapore (MAS) requires banks to implement controls, such as multi-factor authentication using one-time passwords or OTPs, to keep online transactions secure. Unfortunately, multi-factor authentication cannot eliminate all scams. Many victims have been tricked into revealing their user IDs, passwords, OTPs or credit card details to scammers.
Recently, some account holders have reported successful online card transactions when no SMS OTPs were received, or when no SMS OTPs were revealed to others. The Police and banks are following up on these cases and investigations are on-going. As a precaution, the banks have put in place additional measures, such as rejecting card payments made to some commonly disputed merchants, or placing limits on the transaction amounts that customers can transact with such merchants.
So, if you suspect that you have been a victim of fraud or cybercrime, the first step is to make a police report and contact your bank immediately so that investigations can take place promptly. If an unauthorised transaction was due to the bank’s lapses or non-compliance with MAS’ rules, the customer will not bear any financial loss provided that he has practiced proper cyber hygiene and had not been negligent.
Customers play an important part in preventing scams, because guarding against online threats starts with practising good cyber hygiene. This includes keeping passwords secret and promptly updating the security patches and anti-virus software on computers and mobile devices. It is very important that consumers treat their online banking login information, including OTPs, as they would their ATM PINs.
We cannot emphasise this enough to the public. Never reveal your login information, including OTPs, to others. Employees of financial institutions will not ask for such information. So, if you are asked for it by a third party, do not provide it.
Consumers should also heed the security email advisories, notices and alerts disseminated by their banks, MAS, the Singapore Police Force and the National Crime Prevention Council, and share them with family and friends.