Setting lower value for banks to halt suspicious transactions may trigger 'too many false alerts': Alvin Tan
Under the upcoming shared responsibility framework, banks must implement real-time fraud surveillance to detect if an account is being rapidly drained due to a phishing scam.
SINGAPORE: Setting a value of below S$50,000 for banks to block or hold transactions as part of their fraud surveillance duty “could generate too many false alerts” and cause inconvenience for most banking customers, said Minister of State for Trade and Industry Alvin Tan in parliament on Tuesday (Nov 12).
Mr Tan was responding to questions about the shared responsibility framework for phishing scams, which will kick in on Dec 16.
The framework, first mooted in early 2022, seeks to prescribe how losses arising from phishing scams will be shared among financial institutions, telecommunication companies and consumers. It spells out specific duties for the companies, making them liable to pay if they have fallen short of their responsibilities.
The finalised framework includes an additional duty for banks to perform real-time fraud surveillance to “detect if a customer’s account is being rapidly drained of a material sum” due to a phishing scam.
An account would be considered as rapidly drained of a material sum if it had an account balance of S$50,000 or more immediately prior to the unauthorised transaction, and if more than half of that account balance was transferred out within the last 24 hours.
When this happens, the financial institution must either block the suspicious transaction until it is able to obtain further verification from the customer, or notify the customer while holding the transaction for at least 24 hours.
Responding to questions about how the threshold of S$50,000 was determined, Mr Tan noted that the authorities “must strike a balance between protecting customers and the inconvenience posed to consumers conducting legitimate transactions”.
“Setting a lower value could generate too many false alerts and result in inconvenience to the majority of customers,” he said.
However, banks are expected by the Monetary Authority of Singapore (MAS) to consider other factors in their fraud surveillance. These include a customer's profile and potential vulnerability to scams, as well as spending patterns.
“These go beyond what is set out in the (shared responsibility framework),” said Mr Tan who is a MAS board member.
In his supplementary question, Member of Parliament Desmond Choo (PAP-Tampines) noted that S$50,000 is a “fairly high threshold” for those from the lower-income groups who may not have these amounts in their accounts.
He asked if the value for fraud surveillance could be lowered automatically for this group of customers, or if they can have the choice of a lower threshold.
Mr Tan acknowledged that there are customers with amounts below S$50,000 in their accounts but reiterated that banks “have to make a balance between what is convenient and what is doable”.
He added that the threshold serves as “baseline expectations” for the banks' fraud surveillance duty under the shared responsibility framework.
“Banks also have their own internal surveillance systems and parameters, and they may choose to go under this S$50,000,” he said.
“But this S$50,000 threshold is prescribed for the purpose of the (framework’s) fraud surveillance duties, which if they do not meet as a baseline… then the banks will have to pay.”
Mr Tan added that the shared responsibility framework complements other moves that have been made to counter scams.
For instance, major retail banks have put in place security measures that restrict access to their apps if customers have downloaded apps from unverified app stores – also known as sideloaded apps – to counter malware-enabled scams.
A “money lock” feature has also been available for customers to set aside an amount in their bank accounts that cannot be digitally transferred out without strict identity verification.
The MAS is also studying “stronger” authentication solutions beyond the shared responsibility framework to enhance defences against unauthorised phishing transactions, said Mr Tan.
In addition, new legislation has been proposed to allow the police to order banks to restrict a potential scam victim's banking transactions, including online banking, PayNow and automated teller machine (ATM) facilities.
“This is to better protect targets who refuse to believe they are being scammed,” said Mr Tan.