MAS reviewing liability framework for card scams where consumer, financial institution not at fault

SINGAPORE: The Monetary Authority of Singapore (MAS) is reviewing the liability framework for card scams, including in cases when both consumer and financial institution are not at fault.

"MAS is working with the industry to review the existing framework to provide greater clarity on the responsibilities and liabilities of consumers and financial institutions in the case of fraudulent payment transactions," Finance Minister Lawrence Wong told Parliament on Monday (Jul 26).

"The review will include the scenario where neither the consumer nor the financial institution was remiss in allowing the fraud to occur.

"The framework should provide a balance of incentives for all parties to do their part in preventing fraudulent transactions while ensuring that consumers who are not at fault are protected."

Mr Wong said MAS and the industry are "working towards a review and outcome by the end of the year", and will not rule out legislative changes as part of the review.

READ: New type of phishing scam targets bank customers with spoof SMSes: Police

The minister was responding to a question by Member of Parliament Yeo Wan Ling (PAP-Pasir Ris-Punggol), who asked which party would bear the financial loss in such scenarios.

In such situations, Mr Wong said the consumer does not give his credentials to a scammer, while there were no lapses or non-compliances by the financial institution.

Between September 2020 and February 2021, Mr Wong said, the police received 89 reports of fraudulent card transactions performed with SMS OTPs (one-time password) where victims claimed that they neither performed the transactions nor received any SMS OTPs to authorise such transactions.

While this figure has "come down" since March, and represents less than 0.1 per cent of fraudulent online card transactions reported, it is "nevertheless concerning", Mr Wong said.

The minister said MAS has asked financial institutions to step up vigilance towards such fraud.

Institutions have also implemented measures like rejecting card payments to common merchants previously linked to unauthorised transactions, or limiting the transaction amounts that consumers can transact with such merchants, he said.

"MAS also expects financial institutions to ensure that consumers are treated fairly while investigations are ongoing," he added.

"For example, banks have waived finance charges and late fees on the outstanding amount, or offered temporary goodwill credits on the consumers' credit cards in the interim.

"For those who wish to settle on the issue, banks may also offer partial waiver of the disputed amounts, taking into consideration individual circumstances such as financial hardship and whether there were any indicators of negligence by the consumers."

Ultimately, Mr Wong said consumers who have suffered financial losses from fraudulent transactions are protected, as long as they have acted responsibly.

If a merchant has not adopted a system that requires customers to authorise transactions using OTPs, the consumer will not be liable for an unauthorised transaction, he said.

For non-card e-payments, consumers who have practised proper cyber hygiene and have not been negligent will not be liable for any losses arising from unauthorised transactions that do not exceed S$1,000.

"For unauthorised transactions exceeding this limit, financial institutions will investigate further on the root cause of the issue before liability is established," Mr Wong added.

"Where the unauthorised transaction arose because of lapses of non-compliance with me MAS' rules by the financial institution, again, the consumer will not be liable."