The Monetary Authority of Singapore (MAS) has released the Shared Responsibility Framework outlining the responsibilities of banks and mobile service providers in cases where customers fall victim to scams. The focus is on thwarting scams such as phishing schemes and money-sucking apps, but not those where victims willingly transfer money themselves, like investment scams, which are not covered by this announcement.
While the announcement extends to mobile service providers, their responsibility is limited to filtering SMS, checking and blocking high-risk messages. The bulk of the responsibility lies with the banks, requiring them or other financial institutions to implement additional measures, including:
– Introducing a 12-hour delay for new digital token installations to prevent bad actors from using victims’ passwords to access their own devices and attempt large transfers. This delay hampers malicious activities.
– Notifications for new digital token installations or high-risk transactions.
– Immediate alerts for money leaving the account.
– Urgent account lockdown options for customers to freeze funds 24/7.
Earlier, MAS mandated banks to report daily transactions to customers for free, but the immediate reporting obligation was not enforced. This recent announcement holds banks accountable for any losses incurred if customers are deceived. However, this framework is quite limited as it does not cover scams through non-digital channels, such as scammers calling to ask for passwords.
During the feedback process, some suggested widening the scope of the framework, but MAS confirmed that they would start with these measures. Banks are allowed to go beyond the framework to assist customers further.
TLDR: MAS has introduced the Shared Responsibility Framework to hold banks and mobile service providers accountable in cases of customer scams, mainly focusing on preventing phishing and fraudulent apps. The responsibility primarily lies with banks, while mobile service providers are tasked with filtering high-risk messages. Additional measures include delayed digital token installations and immediate alerts for high-risk transactions.
Leave a Comment