Getting your Trinity Audio player ready...
|
The Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) have jointly released a consultation paper outlining a groundbreaking Shared Responsibility Framework (SRF) aimed at tackling phishing scams.
This innovative framework assigns specific responsibilities to financial institutions (FIs) and telecommunications companies (Telcos) to prevent phishing scams and introduces payouts to victims when these duties are breached.
Building on previous efforts, this comprehensive SRF encompasses both FIs and Telcos, recognising their pivotal roles in safeguarding financial transactions against the rising threat of digitally enabled scams. These scams, characterised by unauthorised transactions initiated without the victim’s consent or knowledge, pose a significant risk to digital banking and payment systems.
The SRF focuses on a specific category of phishing scams where individuals unknowingly reveal their account credentials to scammers posing as legitimate entities, resulting in unauthorised transactions. It aims to bolster the direct accountability of FIs and Telcos to consumers by defining clear duties for each party, such as FIs ensuring the transmission of transaction notifications and Telcos implementing scam filters. Breaches of these duties will determine responsibility for losses under the framework, encouraging strict adherence to anti-scam controls.
Responsibility for losses follows a “waterfall approach” with FIs bearing the primary responsibility, given their role as custodians of consumers’ funds. Telcos assume secondary responsibility due to their involvement in facilitating SMS delivery. However, if both parties fulfil their duties, no payouts to consumers will be required, emphasising the importance of consumer vigilance.
The SRF does not cover malware-enabled scams at this stage, considering the evolving nature of these threats. The government remains committed to combating malware scams through industry collaboration, safeguard measures, and public education.
The joint consultation paper seeks feedback on various aspects of the SRF, including its scope, duties, and payout approach. MAS and IMDA will consider these comments when finalising the framework. Ms Ho Hern Shin, Deputy Managing Director (Financial Supervision) at MAS, highlighted that the SRF encourages vigilance among all stakeholders in the payment ecosystem and complements proposed amendments to the E-payments User Protection Guidelines (EUPG).
Aileen Chia, Deputy Chief Executive (Connectivity, Development & Regulation) at IMDA, emphasised the success of measures like the mandatory SMS Sender ID Registry in reducing scam SMS cases and underscored the Telcos’ role in strengthening the ecosystem against scams.
Interested parties are invited to submit their comments on the proposed framework by 20 December 2023. For detailed information, please refer to the consultation paper [link]. The Singapore government continues its commitment to combat phishing scams and safeguard the integrity of digital financial transactions.
Summary of multi-layered approach to address scam calls and scam SMS
OpenGov Asia reported that the National University of Singapore (NUS) and the Cyber Security Agency of Singapore (CSA) had joined forces to create the NUS-CSA CyberSG Talent, Innovation and Growth (TIG) Collaboration Centre that aims to position Singapore as a leading global hub for cybersecurity innovation to uplift the nation’s cybersecurity sector.
In 2018, the Monetary Authority of Singapore (MAS) introduced the E-payments User Protection Guidelines, a pivotal step in bolstering trust in electronic payments. These guidelines outlined the responsibilities and liabilities of financial institutions and consumers in the face of unauthorised or erroneous payment transactions, instilling confidence in electronic payment methods.
Fast forward to February 2022, MAS revealed its ongoing commitment to enhancing payment security through a review of the Shared Responsibility Framework (SRF) Guidelines. The Payments Council, led by MD MAS, initiated this review in July 2021, as part of a broader effort to reinforce safety measures in digital banking.
The SRF Guidelines are poised to address the responsibilities of financial institutions, including banks, credit card issuers, and major payment service providers offering account issuance services, as well as those of consumers when faced with unauthorised or incorrect payment transactions. This comprehensive review signifies Singapore’s dedication to maintaining and improving the security of digital payment systems.
Additional Documents