A new framework outlines the responsibilities of financial institutions and telecommunications companies in combatting phishing scams.
Singapore will implement a new scam liability framework on Dec 16, 2024, designed to outline the roles and responsibilities of financial institutions and telecommunications companies (telcos) in preventing phishing scam losses. The framework, introduced by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA), ensures that these entities are held accountable for failing to fulfill their duties.
Duties of Financial Institutions:
12-Hour Cooling Period: Banks and e-wallet providers must introduce a 12-hour cooling-off period when activating digital security tokens to prevent high-risk activities like large transactions or adding new payees.
User Alerts: Customers must be alerted immediately whenever a digital security token is activated or a high-risk transaction occurs.
Real-Time Notifications: Banks must notify customers of outgoing transactions to enable prompt reporting of potential scams.
24-Hour Reporting Channel and ‘Kill’ Switch: Financial institutions must offer a 24/7 reporting system and a “kill” switch, enabling customers to freeze their accounts and stop unauthorized transactions.
Real-Time Fraud Surveillance: Institutions will need to implement systems that block fraudulent transactions, particularly those involving significant sums from accounts with over $50,000.
Duties of Telcos:
Flag Unauthorized Aggregators: Telcos will mark messages from unauthorized senders as “likely scam.”
Block Unauthorized Sender IDs: They must block messages from unauthorized aggregators to reduce scam attempts.
Anti-Scam Filters: Telcos are required to implement filters that scan for malicious links in SMS messages.
If either the financial institution or telco fails to meet these obligations, they will be liable to cover scam-related losses. This framework aims to better protect consumers from the rising threat of phishing scams in Singapore.