Singapore must find ‘right approach’ to decide who takes responsibility for malware scam losses: MAS chief

For now, some safeguards are in place. At least four major retail banks have rolled out anti-malware controls that restrict customers’ access to their apps if potentially risky apps downloaded from unofficial portals are detected on customers’ phones.

Banks are also looking to introduce a “money lock” feature that allows customers to block their savings from digital transactions.

These safeguards will inevitably result in some inconvenience and friction in the consumer banking experience, but Mr Menon called for consumers to understand the need for “a trade-off between security and convenience”.

“We’ve got lots of convenience in our payment system today. Digital payments were wonderfully helpful during COVID-19 but now with these risks emerging, especially the malware scams, we do need to recalibrate towards security.”

“I HEAR CONCERNS”

The development of the shared responsibility framework was first announced in February 2022 after close to 800 OCBC customers lost a combined S$13.7 million to scammers in phishing scams conducted via SMS.

MAS said then it would publish a draft framework to consider how the liability for scam losses can be shared between financial institutions and victims within three months. But that took “longer than expected” due to the complexity of the issues involved, it said in later parliamentary replies.

The inclusion of telcos and infrastructure service providers under the proposed framework makes Singapore the first to do so, the authorities said in the consultation paper.

Asked when telcos were included in the discussions and if that was a reason why the draft framework took longer than expected, Mr Menon said: “Actually, as early as the middle of last year, by and large most of what you saw being released was already settled.

“But we came to the realisation … that you need an ecosystem defence against scams. So, it’s not just the customers and the banks, but a range of players in the system.”

Telcos play an important role given how they are the channels through which SMSes are transmitted. As SMSes remain a “vital tool” that is still in use, there is a need to address the gaps in that space, he added.

Authorities were also in “deep discussions” with social media platforms and others in the ecosystem to explore how these companies can “exercise greater responsibility” over how their platforms are being used. 

“But we don’t have regulatory levers over them. Where we do have regulatory levers are the financial institutions, payment system providers and the telcos.”