Singapore mandates 'kill switch' for banks as safeguard against online scams

Banks in Singapore will have to provide a "kill switch" as part of a new slew of security measures to safeguard against growing online scams. Consumers also are urged to access their accounts via mobile banking apps, instead of web browsers, to minimise risks. 

The latest set of measures would complement those introduced in January this year, shortly after a spat of online scams involving OCBC Bank customers resulted in losses of more than SG$8.5 million ($6.32 million).

The new measures were unveiled Thursday and expected to come into effect by October 31 this year, according to the Monetary Authority of Singapore (MAS) and Association of Banks in Singapore (ABS).  

Local banks would progressively roll out the latest round of measures, which included setting the default transaction limit for online funds transfers to no higher than SG$5,000 and requiring additional confirmation from customers to process "significant changes" to their accounts. Further confirmations also would be required for high-risk transactions identified through fraud surveillance. 

Banks also must assign bank staff to the Singapore Police Force Anti-Scam Centre, in order to facilitate "rapid" account freezing and fund recovery operations. 

The emergency self-service kill switch must enable customers to suspend their accounts quickly should they suspect a security breach, MAS said. It added that banks were expected to enhance their fraud surveillance systems to address a broader range of scam scenarios. 

The industry regulator also urged consumers to use mobile banking apps, instead of web browsers, to access their accounts in order to minimise the risks of navigating to fraudulent websites.

To drive mobile use, banks would improve the functionality of their apps and help their customers transition towards greater adoption of mobile apps, MAS said. 

In the OCBC scams, scammers had manipulated SMS Sender ID details to push out messages that appeared to be from the bank, urging the victims to resolve issues with their bank accounts. They then were redirected to phishing websites and instructed to key in their bank login details, including username, PIN, and One-Time Password (OTP).  

In its statement Thursday, MAS reminded consumers that they, too, played a role combating scams and must keep up with online banking hygiene practices as scam tactics evolved. These included updating themselves on scam advisories and alerts issued by the police and banks, and referring to official sources such as MAS Financial Institution Directory and hotline numbers to communicate with banks;

MAS said: "The ongoing fight against scams requires an ecosystem approach, with all stakeholders playing their part in staying vigilant and guarding against scams. A draft framework aimed at achieving an equitable loss sharing between consumers and financial institutions is being finalised and will be put up for public consultation as part of a revised E-Payments User Protection Guidelines soon."

OCBC in February introduced its kill switch, allowing customers to cut access to all their accounts if they suspected their personal data had been compromised. When activated, the kill switch would freeze all accounts including digital banking, e-payment, ATM access, and credit cards. 

Customers would need to call the Singapore bank's hotline and use option "8" to trigger the kill switch, or do so via OCBC's network of 500 ATMs. 

RELATED COVERAGE