A new scam liability framework, effective Dec 16, holds banks and telcos responsible for losses from phishing scams.
A new scam liability framework, set to take effect on Dec 16, 2024, will significantly impact banks and telecommunications companies (telcos) in Singapore. Under the Shared Responsibility Framework (SRF), financial institutions and telcos are required to fulfil key duties to prevent and manage phishing scams. If they fail to meet these obligations, they will be fully accountable for compensating scam victims.
Financial Institutions’ Duties:
Blocking or Holding Transactions Over $25,000: Banks must block or hold transactions of more than $25,000 for 24 hours as part of real-time fraud surveillance, particularly if a customer’s account is drained of more than half its balance (from accounts of at least $50,000) within a day.
12-Hour Cooling-Off Period: A cooling-off period will be imposed whenever a digital security token is activated, preventing high-risk activities like transferring large sums or adding new payees. The same applies to e-wallets such as Grab.
Real-Time Alerts for High-Risk Activities: Banks must send alerts for high-risk activities, including changes to account details or logging into e-wallets on new devices, to give customers an opportunity to detect fraudulent actions.
Consumer Protection Measures: Banks will also need to provide 24-hour reporting channels and a “kill” switch for customers to freeze accounts if unauthorized transactions are detected.
Telcos’ Duties:
Anti-Scam Filters: Telcos must deploy anti-scam filters on their networks to block phishing links in SMS messages, thereby preventing scammers from reaching potential victims.
Authorized Aggregator Requirement: SMS messages must only be delivered from authorized senders registered with the Infocomm Media Development Authority (IMDA), reducing the risk of scam messages passing through unauthorized channels.
Liability for Non-Compliance: If telcos fail to comply with these obligations, they will bear the responsibility for scam-related losses.
The framework aims to make the process of recovering losses easier for victims, by shifting the burden of proof away from the customer. This initiative follows a record high of over $385.6 million lost to scams in the first half of 2024, with phishing fraud accounting for a significant portion of these losses.
In cases where banks and telcos fulfill their duties, customers will bear the full losses, but can lodge complaints with the Financial Industry Disputes Resolution Centre. This approach aims to enhance consumer protection and reduce the financial burden on scam victims.