Cyber risk alert for banks

In Singapore, its central bank, The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) introduced a set of additional measures this week to enhance the security of digital banking.

CONCERNS are mounting following the recent phishing scams involving Singapore’s second largest bank Oversea-Chinese Banking Corp (OCBC), with industry observers noting that such cases are set to go up here as well.

To be sure, with the increasing use of digital banking, such predictions and fears are justified.

Cyber security firm Systech Bhd chief executive officer Raymond Tan says that such scams are not country-limited.

“It can happen everywhere, not only in Singapore, all of us may have received or will at some point, receive similar messages trying to scam us of our money, whether it’s via SMS, email or WhatsApp,” he says.

Tan, whose company tracks suspicious activity online and counts banks as some of its main clients says scams involving banks and other organisations here for that matter, will continue to rise but digital banking technology adoption should not be blamed.

“New technology and businesses always come with new risks but that doesn’t mean we shouldn’t embrace new technology.

“The Risk Management in Technology guidelines from Bank Negara do address such new technology risks,” he tells StarBizWeek.

Tan notes that SMS scams or other similar frauds like Macau scams exploit the weakest link in technology, which is the human element.

“We live in a borderless world and the lack of consumer understanding on private data protection will lead to increasing number of scam cases.”

Some industry observers argue that banks could do more.

Securemetric Bhd chief technology officer Sea Chong Seak says banks can take on the current challenges by strengthening their cyber security processes, and other relevant compliance programmes such as their electronic know-your-customer or eKYC as well as multi-factor authentication, data encryption and transaction signing systems.

“There is no doubt that digital banking can increase certain risks.

“The risks will be there and the common incidents of fraud are bank customer identity fraud, identity thefts, account takeovers and transaction fraud as digital banking involves banking activities that do not require face-to- face interactions,” Sea says.

In Singapore, its central bank, The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) introduced a set of additional measures this week to enhance the security of digital banking.

This, they say, is in view of the recent spate of SMS-phishing scams targeting bank customers.

The statement says: “MAS expects all financial institutions to have in place robust measures to prevent and detect scams as well as effective incident handling and customer service in the event of a scam.

“The growing threat of online phishing scams calls for immediate steps to strengthen controls, while longer-term preventive measures are being evaluated for implementation in the coming months.”

The statement says banks in Singapore, in consultation with MAS, will work to put in place more stringent measures within the next two weeks, including the removal of clickable links in emails or SMSes sent to retail customers and a delay of at least 12 hours before activation of a new soft token on a mobile device.

There will also be additional safeguards, such as a cooling-off period before implementation of requests for key account changes such as in a customer’s key contact details as well as dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis, the authorities say.

Notably, customer vigilance is of paramount importance, according to MAS and ABS.

Research fellow at think-thank Centre for Market Education Liew Chee Yoong agrees that banks can tighten the security features of their banking and transaction systems to reduce the likelihood of fraud as well as aggressively educate their clients on how to protect against fraud and other banking security issues.

“On the issue of responsibility, unless it is proven that the bank had committed certain errors or there had been a lack of due diligence on their part which had allowed their clients to be cheated – both sides (customer and bank) have to be held responsible in the case of a scam.”

Even if the bank is at fault, providing compensation to the victims like in the case of OCBC Singapore, could just be a just a short-term measure, according to Liew.

“It is not an effective prevention measure in the long-run.

“If banks continuously practise this, it can create a moral hazard behaviour pattern among banking clients by giving them the impression that whatever happens to their banking accounts, the banks will compensate them,” he says.

“It will create complacency among banking clients which could then lead them to being less prudent and less careful when dealing with banking transactions.”

Liew points out that the relevant authorities, including Bank Negara, need to be stern against banks if they fail to prevent fraud from occurring via their systems and transactions.

“In my view, what Singapore’s MAS is doing is correct, which is considering taking supervisory action against OCBC Bank.

“Banks have the responsibility to install strong and effective security features in their banking transaction systems to prevent fraud.

“If the relevant authorities are not stern with banks regarding this matter, commercial banks may not view this responsibility seriously and may cut corners on the premise of cutting operating costs.

“This will not be good not just for their clients but for the banking sector as a whole,” Liew adds.

On Monday, the Singapore central bank said it would consider supervisory actions against OCBC after a review, following a SMS scam involving the lender’s customers.

A total of S$8.5mil (RM26.5mil) was reportedly lost to the scam which hogged headlines for weeks.

The bank has since said it would compensate the victims.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 46
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Cyber , banks , MAS , ABS , digital banking ,


Next In Business News

Signature to acquire 23.67% stake in Fiamma for RM180mil
SunREIT net property income jumps 77.4% to RM118.92mil
Jentayu enters JV for RM78mil GDV condo project
Bursa Malaysia ends higher for third straight day
Aeon Co. posts jump in 1Q net profit to RM28.07mil
Malaysia Smelting Corp's 1Q net profit jumps to RM64.34mil
KPFB, SIAB ink MoU for JV project with GDV of RM389mil
LBS Bina records net profit of RM30.16mil in 1Q
Petronas Chemicals to acquire speciality chemicals firm Perstorp for RM10.5bil
Al Gore's Generation Investment launches US$1.7bil fund

Others Also Read