Total Value of Unauthorised Credit Card Charges in Last Five Years
Prime Minister's OfficeSpeakers
Summary
This question concerns the total value of unauthorized credit card charges and measures against Bank Identification Number (BIN) attacks as raised by Mr Saktiandi Supaat. Senior Minister Tharman Shanmugaratnam responded that specific statistics on BIN-related charges are not readily available, though card issuers utilize real-time fraud monitoring and chargeback mechanisms. He noted that for transactions lacking one-time password authentication, merchants typically bear the liability provided that the card user reports the unauthorized charge in a timely manner. The Monetary Authority of Singapore expects card issuers to implement robust security measures, including transaction alerts and prompt card replacement for compromised numbers. Finally, the public is encouraged to monitor card transactions regularly and immediately notify card issuers and the Police of any fraudulent activities detected.
Transcript
39 Mr Saktiandi Supaat asked the Prime Minister (a) in each of the last five years, what is the total value of unauthorised credit card charges that have been reported; (b) what proportion of such unauthorised charges comprised individual transactions that are below S$50 in value each; and (c) what regulatory measures are being considered or implemented to protect Singaporeans against Bank Identification Number attacks.
Mr Tharman Shanmugaratnam (for the Prime Minister): A Bank Identification Number (BIN) attack is a type of card fraud, using software to generate possible credit and debit card number combinations, expiration dates and card verification values. Low value transactions are systematically attempted in order to test for valid card details and higher value transactions are subsequently made using those valid card information.
The statistics requested by the Member are not readily available. Unauthorised credit card transactions, in particular, arising from BIN attacks, are not specifically tracked. Banks, however, track credit card dispute cases, which may comprise disputes over goods purchased or services rendered, card fraud, lost or stolen cards or scams. Of these, scams continue to be the main driver of losses suffered by consumers.
In BIN attacks, the fraudster typically targets merchants that do not require one-time password (OTP) authentication, as the fraudster would not ordinarily have access to the OTP. In such a case, a card user will not be liable for an unauthorised transaction. Rather, the merchant involved will be liable for the loss, as long as the card user reports the case on a timely basis.
The Monetary Authority of Singapore (MAS) expects that card issuers in Singapore and card scheme operators, such as Visa and Mastercard, have strong card security measures to protect customers from card fraud, including BIN attacks. Measures implemented include real-time card fraud monitoring, providing transaction alerts to customers, implementing OTP to authenticate customers before approval of online transactions at merchants, and chargeback mechanisms to reverse unauthorised transactions. Card issuers also work quickly to replace cards whose BIN numbers have been compromised.
Members of the public are strongly encouraged to monitor their card transactions regularly, and immediately notify their card issuers if they notice any fraudulent or suspicious transactions and also report such transactions to the Police.