Banks to remove clickable links in emails, SMSes sent to customers as part of new security measures

[The_King]

SINGAPORE — Banks in Singapore will be removing clickable links in emails or SMSes sent to retail customers and set the threshold for funds transfer notifications to customers by default at S$100 or lower, as part of several measures to protect account holders from phishing scams. 

These changes, announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore in a joint statement on Wednesday (Jan 19), will be implemented within the next two weeks.

The new measures came after at least 469 customers were affected by an SMS phishing scam targeting OCBC Bank's customers, with losses totalling at least S$8.5 million.

The fraudsters had sent out fake bank alerts that spoofed the bank's official SMS channel with the victims, duping many of them into giving up their personal account information last month.

In the joint statement, MAS and ABS said that these measures will bolster the security of digital banking, given that it will lengthen the time taken for certain online banking transactions, and also provide an additional layer of security to protect customers’ funds.

Other measures that banks will be putting in place include:

 

 

• Delaying activation of a new soft token on a mobile device by at least 12 hours 
• Sending notification to existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address
• Introducing a cooling-off period before implementing requests to key account changes such as in a customer’s key contact details
• Having dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis
• More frequent scam education alerts

"MAS expects all financial institutions to have in place robust measures to prevent and detect scams as well as effective incident handling and customer service in the event of a scam," read the statement.

"The growing threat of online phishing scams calls for immediate steps to strengthen controls, while longer-term preventive measures are being evaluated for implementation in the coming months."

[XianGe]

Good to announce it but it doesn't stop customers from clicking on phishing sms