Skip to main content
Best News Website or Mobile Service
WAN-IFRA Digital Media Awards Worldwide
Best News Website or Mobile Service
Digital Media Awards Worldwide
Hamburger Menu




FAQ: Is it safe to store money in apps? Here's what you need to know

Before putting money in a digital wallet, do you check if the provider is licensed by the Monetary Authority of Singapore? Or read through its terms and conditions? CNA asks lawyers whether you should be doing these things.

FAQ: Is it safe to store money in apps? Here's what you need to know

A person making a payment by scanning a QR code. (File photo: iStock)

SINGAPORE: As the use of cash declines, it is now common to see people waving their phones at a payment reader or scanning a QR code to pay for a purchase.

For those who don't qualify for credit cards or would rather not use them for contactless payments, digital wallets where users can pre-load funds are a popular option. 

One commonly used option in Singapore is GrabPay, by tech behemoth Grab. Major e-commerce platforms like Shopee, Lazada and Qoo10 also have their own versions of digital wallets.

Mobile app payments that can be linked to credit or debit cards, or have a stored value function to pre-load funds, have been around since e-commerce took off. But the industry saw rapid growth during the COVID-19 pandemic amid a boom in online shopping and a growing preference for contactless payments.

So much so that they look set to overtake credit cards as the most popular online payment method in Singapore by 2024, according to a report by US financial technology firm FIS that tracked payment trends in 2020.

These apps accounted for 29 per cent of e-commerce transaction value in Singapore last year, up from 20 per cent in 2020, and closing the gap with credit cards which for now retain their lead in market share at 42 per cent, according to FIS' most recent report in 2022.

For in-store purchases, these apps are also growing in popularity as consumers shift away from cash. The industry grew from 11 per cent to 14 per cent of in-store transaction value in 2021, and is expected to hit 23 per cent by 2025.

But are there enough safeguards in place to protect consumers? How safe is your money in these e-wallets? Here's what you need to know:

Q: How are digital wallets regulated in Singapore?

They are regulated under the Payment Services Act, which came into force in early 2020.

Digital wallet providers are required to obtain a licence from the Monetary Authority of Singapore based on their monthly transaction volumes for regulated activities and size of daily electronic money (e-money) float.

The licensable activities include account issuance, domestic and cross-border money transfer, e-money issuance, digital payment token dealing or exchange and merchant acquisition.

Those with transactions of more than S$3 million a month for any licensable activity, or S$6 billion a month for two or more activities, or hold a daily e-money float of more than S$5 million will be categorised as a major payment institution.

Digital wallet providers who hold the major payment institution licence include GrabPay and ShopeePay.

Those with transaction volumes and e-money float sizes below the above thresholds will have to apply for a standard payment institution licence.

Q: What are the consumer safeguards in place?

Given the scale of their operations and accompanying risk, major payment institutions are subject to more rules than standard payment institutions.

For example, they must comply with requirements to safeguard money received from customers and stored as e-money in digital wallets.

This can either be in the form of an undertaking or a guarantee given by a bank or financial institution in Singapore to be fully liable to the customer for the money. Alternatively, they can deposit customer funds into a trust account maintained by a bank or financial institution here.

“These safeguards are meant to ensure that customers' funds are kept separate from other funds – such as the digital wallet provider's own proprietary funds – and not used for payment of the digital wallet provider's debts,” said Ms Elaine Chan, co-head of financial services regulatory practice at WongPartnership.

Standard payment institutions do not need to adhere to these requirements, although they must disclose this to their customers.

Authorities have previously said the lighter regulation for this category of payment services firms is in line with the smaller scale of operations, as well as to encourage innovation.

Asked if this means one is safer than the other, WongPartnership partner Tian Sion Yoong said: “To the extent that a major payment institution has these regulatory requirements to safeguard customer money, then perhaps it could be seen as ‘safer’ in that sense.”

But a standard payment institution may decide to put in place these safeguards despite not being mandatory, he added.

Consumers who have concerns should check directly with the institutions about what is being done to safeguard customers' money, said Mr Tian, who is a partner at the law firm’s financial services regulatory and financial technology practices.

Other experts noted that the Monetary Authority of Singapore (MAS) has a “stringent” process when assessing applications, be it major or standard payment institutions, thereby ensuring that only those who meet its standards get awarded a licence.

Applicants are required to submit detailed information on their policies regarding consumer protection, cybersecurity, anti-money laundering and others. They then go through several tests and simulations conducted by the regulator, said Mr Leong Chuo Ming, partner at Withers KhattarWong.

“The application process is actually quite brutal because MAS really wants to make sure these providers know what they are doing,” he added.

Other safeguards include e-wallet providers being barred from providing cash withdrawal services and having a cap of S$5,000 on the amount of funds that can be stored in these digital wallets.

These are partly intended to protect users, as well as ensuring stability of the overall financial system and deter money laundering, said Ms Etelka Bogardi, financial services regulatory partner at Norton Rose Fulbright.

Q: Some digital wallet providers have a clause that says users may not be able to recover their money if the business fails. Should I be worried?

No, according to experts that CNA spoke to.

Mr Leong described the clause as a “standard” inclusion in the terms and conditions as a way to protect a business from “as much unforeseen circumstances as possible”. 

Ms Bogardi echoed that the clause lays out the worst-case scenario, and is no different from risk disclosure statements found in other types of service agreements.

And should a major payment institution become insolvent, the regulatory safeguards will kick in to allow a better prospect of recovery, the lawyers said.

For example, if there was an undertaking or guarantee from a bank, customers may seek to recover their funds from the bank, said Mr Daniel Liu, partner at WongPartnership’s restructuring and insolvency and special situations advisory practices.

And if the customer funds have been deposited into a valid trust account, these funds would be considered "ringfenced" and not part of the company’s assets for liquidation.

“In terms of ownership, they would belong to the customer,” Mr Liu said, adding that as part of the legal process, customers will have to file a proof of debt with the liquidator.

“It will take some time because the liquidators need to take control of the affairs of the company and understand what's going on. But if a valid trust has been declared over the customer’s funds, that customer will likely be able to get his or her money back.”

But your recovery prospects are less optimistic when a non-major payment institution runs into financial woes, since user protection requirements are not mandatory.

When a business is wound up, its assets – including customers' funds – are liquidated. If no consumer safeguards are in place, secured creditors will be paid first, followed by other preferential debt such as the liquidator’s fees and employees' wages.

Customers would fall into the category of unsecured creditors and will rank equally as other unsecured creditors. This group may then receive a proportionate distribution of the remaining assets based on the amount they are owed, said Mr Liu, adding that chances for a full recovery are minimal.

That said, FIS noted that the risk of customers losing their money due to a sudden exit by a provider in Singapore is “very low”. 

This is due to the stringent rules put in place by authorities as part of the Payment Services Act and the fact that an overwhelming majority of non-bank wallet providers in Singapore are “major corporations linked to big tech, regional super apps and the like”, said Ms Yvonne Szeto, vice-president of commercial for Asia-Pacific at Worldpay from FIS.

Q: What should customers look out for when using a digital wallet?

Still, it never hurts to be a prudent consumer.

A key thing to do, according to experts, would be to check if a digital wallet provider is licensed by the MAS.

This can be done via the financial institution directory on MAS’ website, which shows a provider’s licence type and activities they are authorised to provide. Consumers should also check and avoid any service provider that has been placed on the MAS' investor alert list, said Mr Tian.

“Any digital wallet operator that misrepresents itself as being licensed or regulated by MAS when it is not, may not be reliable and could be a scam,” he said.

While the terms and conditions of service agreements aren’t exactly page-turners, users should try to read them before clicking “I agree”. In particular, look out for details about the safeguarding of customer funds in the event of an insolvency, which are typically included in these agreements.

“If there isn’t anything in there about how they are safeguarding the funds, then that’s a question mark,” said Ms Chan.

Mr Leong cautioned against putting more funds than what is needed into a digital wallet.

“Don’t use it as a bank account. That’s not what it’s meant for,” he said.

He also advised staying vigilant against phishing scams, which remain “one of the main risks” for digital wallet users.

In cases that have happened in Singapore, scammers would deceive victims into giving up their personal details, banking credentials and one-time password. The scammers would then use this information to apply for e-wallets and make unauthorised transactions.

The police in January issued a warning about the re-emergence of such phishing scams.

You may also be interested in:

Source: CNA/sk(cy)


Also worth reading