Singapore has taken a proactive stance in combating the rising threat of impersonation scams by implementing new regulations for banks and telecommunications companies. Under a finalized framework introduced by the Monetary Authority of Singapore and the Infocomm Media Development Authority, financial institutions are given six months to establish real-time detection tools to block fraudulent transactions. If they fail to comply, banks will automatically assume liability for stolen funds, placing significant pressure on these institutions to prioritize customer security. This move is a response to alarming statistics showing a nearly 50% increase in scams during 2023, resulting in losses of approximately SG$652 million (around $484 million).
The regulations establish a “shared responsibility framework” aimed at making victims whole again after experiencing losses due to scams. Under this system, if financial institutions comply with the new regulations, the regulatory authorities will investigate telecom companies for any violations. Consumers will only be liable for their losses if both banks and telecoms adhere to the new guidelines. This dual-layered approach ensures that both sectors work collaboratively to protect consumers from malicious actors who impersonate legitimate businesses or government agencies.
To further bolster security, banks are now required to implement additional measures, such as a 12-hour cooling-off period for account transactions initiated through new devices or digital security tokens. Furthermore, financial institutions must promptly notify account holders of any suspicious activity and provide a user-friendly portal for blocking unauthorized access to their accounts. While these changes may introduce additional friction in conducting high-value transactions, regulators believe this is a necessary trade-off to enhance consumer protection.
Telecommunications companies are also under stringent obligations, including displaying the sender’s name on SMS messages only if the message originates from a registered, authorized aggregator. They must also block SMS messages containing known malicious URLs to prevent scams from reaching potential victims. However, the framework does not cover all types of scams, excluding malware-enabled scams and those relying on harvesting credentials through non-digital means, such as phone calls or in-person interactions. With these comprehensive regulations set to take effect on December 16, Singapore aims to create a safer digital environment for its citizens while exploring further measures to strengthen digital banking security.
Reference:
