Banks may hold, reject some transfers if more than half of an account's balance is moved out
The new measure from Oct 15 will apply to accounts with balances of at least S$50,000 and is part of enhanced fraud surveillance.
Major retail banks in Singapore will implement enhanced fraud surveillance on all digital transactions from Oct 15, 2025, to further protect customers from scams. (File photo: iStock)
This audio is generated by an AI tool.
SINGAPORE: From Oct 15, banks may hold or reject transfers from accounts with balances of at least S$50,000 (US$38,800) if withdrawals over 24 hours amount to more than half of the total funds.
The safeguard will be triggered when a transaction, together with other withdrawals in that time period, exceeds 50 per cent of the available amount.
The transaction that triggers the threshold and all subsequent transactions will either be held for 24 hours or rejected.
Major retail banks – DBS, OCBC, UOB, Citibank, HSBC, Maybank and Standard Chartered – will implement the safeguard to all current and savings accounts, including joint accounts.
The safeguard will apply to all digital banking transactions done through bank apps and internet banking. Non-digital banking transactions, including cash withdrawals at bank branches and ATMs, will not be affected.
The Association of Banks (ABS) said on Friday (Oct 3) that this "enhanced fraud surveillance" will complement banks' existing anti-fraud measures.
"Customers may experience delays in digital payments and transfers, including for legitimate transactions, as banks step up their checks to protect customers," said ABS.
"Customers are advised to plan time-sensitive banking transactions (for example, for share purchases) in advance to avoid incurring fees and charges due to any delay."
Move comes after public consultation on shared responsibility framework
MAS and the Infocomm Media Development Authority (IMDA) gathered feedback in 2023 on a shared responsibility framework.
The shared responsibility framework was first announced in February 2022 after close to 800 OCBC customers lost a combined S$13.7 million to scammers.
The framework aims to strengthen the direct accountability of financial institutions and telcos to customers for losses incurred from phishing scams.
According to the public consultation paper, several members of the public had suggested the inclusion of an additional duty on financial institutions for fraud surveillance and detection, as it was reasonable to expect financial institutions to be able to "detect and block potential fraudulent transactions which are unusual or large".
MAS and IMDA agreed with the feedback.
"A key objective here is to strengthen financial institutions' fraud surveillance controls to substantially reduce cases of customers having material sums being rapidly wiped out from their accounts without their knowledge – such cases are of greatest concern to MAS," the authorities said in the consultation paper.
"In turn, customers must expect some added friction in their payment transactions, as banks progressively step up anti-scam safeguards and fraud surveillance monitoring to achieve better security."
They said that if a customer's account is being "rapidly drained" by a scammer, financial institutions must either block the transaction until it is able to reach the customer for confirmation, or send a notification to the customer and block or hold the transaction for 24 hours.
Minister of State for Trade and Industry Alvin Tan said in parliament in November 2023 that the full implementation of the anti-scam obligations under the framework should "materially reduce" the risk of phishing scams.
The framework kicked in on Dec 16, 2024.
TRANSACTIONS HELD, REJECTED
When transactions are held or rejected, bank customers will be informed immediately on their mobile banking app or internet banking platform, with instructions on the next steps to take.
The 24-hour cooling period serves as a "cognitive break" for scam victims who initiated and authorised the transactions, said ABS.
"It provides time for victims to cancel the transaction should they subsequently realise that they have been scammed," it added.
Banks will advise their customers on how to cancel transactions, including through mobile or internet banking or the contact centre. Upon cancellation, the transaction will not be processed.
Customers need not take any action if the transactions are legitimate and their funds will automatically be released after the cooling period.
In exceptional cases where customers urgently need transactions to be processed during the cooling period, they will have to verify their transactions with the bank.
This can be done at the bank's branches, ATMs or by calling the contact centre, depending on the options offered by the bank.
When a legitimate transaction is rejected, customers can reinitiate the transaction if they subsequently verify it with their bank.
"As banks adopt different ways to engage customers to verify the legitimacy of transactions, they will be advising their customers accordingly," said ABS.
To minimise disruptions to legitimate transactions, some digital banking transactions will be exempted from the new safeguards.
These are recurring standing instructions, recurring GIRO or eGIRO payments, and bill payments to organisations classified by the bank as billing organisations.
OCBC said: "Some legitimate transactions could be impacted, causing inconvenience to our customers. We seek their understanding and patience on this."
In "exceptionally time-sensitive situations", customers who need their funds released during the cooling period may do so at the bank's ATMs, said Mr Beaver Chua, head of anti-fraud, group financial crime compliance at OCBC.
"For urgent larger value transactions, we strongly encourage our customers to plan and make them ahead of time," he said.
NEED FOR FURTHER SAFEGUARDS
Scam cases in Singapore fell by 26 per cent in the first half of this year, with the amount lost falling by 12.6 per cent.
But scams remain a concern, said ABS.
"The banking industry will continue, together with the Monetary Authority of Singapore and law enforcement, to review, implement and strengthen measures to protect customers from scams," it added.
It said that security measures implemented by major retail banks have collectively averted scam losses of S$78 million in the first seven months of this year.
Major retail banks will also roll out further measures in the coming months, said ABS.
One new initiative is that banks will send in-app push notifications to customers who are digital token users when making calls to them.
"This provides assurance to customers that bank calls that they receive are indeed from their banks," said ABS.
"While the safeguards being introduced will step up protection of consumers, the fight against scams ultimately depends on a vigilant and discerning public."
ABS director Ong-Ang Ai Boon said banks have been investing in and implementing various anti-scam measures.
"However, scams remain a scourge on society and the methods adopted by scammers continue to grow in sophistication," she added.
"The measures announced today will help to protect phishing scam victims and stop fraudulent withdrawals before it is too late.
"This societal safeguard may result in some friction, and we seek customers' patience and understanding."
Ms Ho Hern Shin, deputy managing director (financial supervision) of MAS, said customers may face delays when conducting larger value transactions, but these safeguards will protect them from fraudulent transactions.
