Skip to main content
Best News Website or Mobile Service
WAN-IFRA Digital Media Awards Worldwide 2022
Best News Website or Mobile Service
Digital Media Awards Worldwide 2022
Hamburger Menu

Advertisement

Advertisement

Singapore

DBS, UOB become latest banks to restrict access if unverified apps are found on customers' phones

Both local banks said their new anti-malware security measures do not monitor phone activities, collect or store personal data.

DBS, UOB become latest banks to restrict access if unverified apps are found on customers' phones

People outside UOB and DBS branches at Toa Payoh Hub on Jan 11, 2023.

SINGAPORE: Local banks DBS and UOB are rolling out new anti-scam security measures that include restricting customers from accessing the banks’ digital services on their mobile phones if apps from unverified app stores – also known as sideloaded apps – are detected.

They are the latest banks in Singapore to do so – after OCBC and Citibank – amid a spate of malware scams targeting users of Android devices.

DBS said on Tuesday (Sep 26) that its new anti-malware tool for Android phones seeks to prevent scammers from fraudulently logging into customers’ accounts by restricting app access if it detects potential risks.

One such security risk is the presence of malware or malicious applications on customers’ phones. This new function has gone live, the bank’s head of legal and compliance Lam Chee Kin told CNA.

From early October, the presence of sideloaded apps with accessibility permission enabled, and detection of ongoing screen-sharing or mirroring detected on devices will also trigger restricted access to DBS’ banking app.

DBS said customers will not be able to access its banking app until they have taken the “necessary steps” to secure their phones.

Likewise, UOB announced that it will be rolling out new anti-malware security features on its banking app progressively from Wednesday.

The new security update will restrict customers’ access to the bank’s app when it detects apps downloaded from third-party or unauthorised sites and have “risky permissions” enabled.

An error message will be sent highlighting the name of the potentially risky app. Customers will have to uninstall or switch off accessibility permissions for the mentioned app to continue using UOB’s digital services.

“Customers are strongly recommended to uninstall the mentioned apps,” said UOB’s head of group compliance Daniel Ng said. “These apps with risky permissions settings can be exploited by scammers to compromise customers’ mobile devices and banking apps.”

Customers will also not be able to access UOB’s banking app if screen-sharing on other apps or tools is detected on their phones.

UOB said this will prevent customers from sharing their mobile screens with scammers unknowingly, hence allowing scammers to take control of their devices and compromise banking information.

Customers will be able to continue using the bank’s app once they turn off screen sharing.

NO MONITORING OF PHONE ACTIVITIES

OCBC was the first to roll out new anti-malware security measures last month, followed by Citibank on Sep 15.

The new moves aimed at nullifying the threat of malware scams have received mixed responses from banking users here, with OCBC customers taking to the local bank’s social media to express their concerns about privacy.

Asked why DBS is pursuing this security measure despite customer concerns, Mr Lam stressed that the latest security features do not monitor phone activities, collect or store any personal data.

“We are detecting the signatures of known malware or the signatures of sideloaded applications.”

DBS has done “a lot of testing” to strike a balance between security and user experience “as well as possible”, he added in an interview with CNA ahead of the announcement.

“For now, it appears (that) scam vulnerability by malware is a major issue and therefore, it is appropriate to strike the balance in favour of protection for now. If this changes over time, then we may be willing to revisit the situation,” he said.

In a press release, DBS Singapore Country Head Han Kwee Juan said: “We recognise that certain measures may add some friction to the customer journey and seek their understanding that they are necessary to ensure that they can perform digital transactions on a secured platform with peace of mind.”

UOB also sought to assure customers that its new security features do not monitor phone activities, nor collect or store any personal data. 

“These features are necessary for enhanced security to mitigate the risks and protect customers’ exposure to malware scams,” said Mr Ng.

“We also seek our customers’ understanding that deployment of the features may lead to some inconvenience.”

Meanwhile, DBS also rolled out a new security check-up dashboard, which hopes to get customers into “the habit of regularly reviewing” their security settings on the banking app.

Users can already access the new feature via the app’s homepage, based on a check by CNA.

Currently, the dashboard will focus on “getting customers to strengthen their core security accesses” before being expanded to include more security features in the coming months, DBS said.

With an increasing number of customers becoming more informed and looking to safeguard their own online security, the bank has been rolling out more of such self-managed security controls.

For example, the payment control features launched in 2021 allow customers to set monthly card spending limits, and indicate their preferences for cash advances and overseas in-store transactions.

Nearly half a million DBS and POSB customers have used these payment control features.

DBS said it has been continuously sharpening its security measures in line with evolving scam and fraud typologies. Together, the new measures announced on Tuesday will add to existing safeguards, including surveillance and monitoring systems.

Source: CNA/sk(ac/rj)

Advertisement

Also worth reading

Advertisement