Root Cause of Human Error that Led to NETS Service Outage and Preventive Measures for Future Recurrence
Prime Minister's OfficeSpeakers
Summary
This question concerns the 2 February 2018 NETS outage, where Dr Tan Wu Meng asked about the root causes of the human error and MAS’s measures for ensuring cashless system reliability. Deputy Prime Minister Tharman Shanmugaratnam clarified that an administrator inadvertently terminated a communications module, though the 1.5-hour recovery met regulatory standards for Designated Payment Systems. He stated that MAS directed NETS to engage an independent consultant to enhance controls and implemented interim measures such as off-peak system access. The Minister noted that MAS will monitor remediation and issue supervisory directives to prevent future lapses while enforcing strict downtime limits. Finally, he emphasized the importance of alternative payment methods to ensure business and consumer resilience during unforeseen technical disruptions.
Transcript
13 Dr Tan Wu Meng asked the Prime Minister with regard to the interruption to NETS services on 2 February 2018 due to "inadvertent human error" during system maintenance (a) whether MAS has identified root causes which predispose the system to human error; and (b) what measures MAS is taking to ensure reliability of cashless transaction providers with significant market share where interruptions can significantly impact businesses and end users.
Mr Tharman Shanmugaratnam (for the Prime Minister): Following the NETS Electronic Funds Transfer at Point Of Sale (NETS EFTPOS) outage, NETS has conducted their investigations. The investigations have established that the outage happened because while preparing for a planned system change activity, a system administrator inadvertently executed a command that abruptly terminated a communications module which is required for connectivity to the banks. In other words, it is due to a human error.
MAS takes very seriously the reliability of our payments infrastructure as it forms a critical part of our financial system and economy.
Payment systems that are considered important for financial stability or for public confidence are designated under the Payment Systems (Oversight) Act as Designated Payment Systems (DPS). Examples include Singapore Dollar Cheque Clearing, Inter-bank GIRO, Fast And Secure Transfers (FAST) and the NETS EFTPOS.
All DPS operators have to adhere to MAS’ requirements on recoverability and reliability. DPS operators have to ensure that the systems are able to resume operations within four hours following any disruption. DPS operators are also restricted to a maximum downtime of no more than four hours across a period of 12 months.
In this case, NETS EFTPOS has not breached our regulatory standards. NETS was prompt in notifying the public about the outage, providing updates, and most EFTPOS' services were recovered in about one-and-a-half hours. NETS EFTPOS has not experienced a similar outage since being designated as a DPS in 2010.
Notwithstanding, we need to learn from this episode and ensure that similar incidences will not happen in future. MAS has instructed NETS to appoint an independent consultant to determine how controls could be enhanced to minimise the chances of human errors and to mitigate the consequences if an error does occur.
In the interim, NETS has scheduled all system administrator access to off-peak hours and tightened controls over system administrator IDs. Together, this should prevent a similar incident from happening.
MAS will closely monitor NETS' remediation of the identified gaps and issue supervisory directives to NETS as needed. Separately, recognising that no payment system is infallible, it is important to ensure that alternative payment methods are in place. During the NETS EFTPOS incident, many affected consumers were able to switch to other electronic payment instruments, such as debit or credit cards, as well as stored value facilities, such as transport cards and e-wallets.