Singapore has created a framework for parties to be held accountable for phishing scams, with banks and telcos taking on accountability as the first line of defence.
Regulators for the financial services and ICT sectors published a joint consultation paper this week on a proposed shared responsibility structure that would apply in the case of a phishing scam.
The Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) said the framework assigns “relevant responsibilities” to both financial institutions and telcos to mitigate such scams and details the financial damages to be paid to affected victims if these responsibilities are breached.
The proposed framework comes more than a year after MAS unveiled plans to lay down rules to determine how losses from online scams should be shared. The regulator warned victims against assuming they would be able to recover their losses and urged all parties to be vigilant.
Singapore’s efforts to sharpen accountability follow a massive phishing scandal involving OCBC Bank customers, which resulted in a total loss of SG$13.7 million ($10.18 million). A number of measures were introduced to strengthen local banking and communications infrastructure, including a “kill switch” banks must provide to enable customers to suspend their accounts in the event of a suspected breach.
MAS noted that the payment to victims of OCBC phishing scams, covering the full amount lost to the scammers, was a “one-off gesture” and was made considering the circumstances. This includes the bank’s admission that it has failed to meet its own expectations of customer service and responsiveness.
In its proposed shared responsibility framework, Singapore said financial institutions were important as gatekeepers against fund outflows due to scams, while telcos played a supporting role as infrastructure providers for SMS, which scammers often use to communicate with targeted victims.
“Among the types of scams prevalent today, digitally-enabled scams resulting in unauthorized transactions are of particular concern, as such transactions are executed without the customer’s knowledge or consent [and] could undermine confidence in our digital banking and payment systems,” the regulators said.
The framework adopts a “waterfall approach” where financial institutions, with greater responsibilities as custodians of consumers’ money, will be the first to bear the full loss if they fail to fulfill their responsibilities. Telcos fall next in line, as they play a secondary role in ensuring the security of digital payments by facilitating SMS delivery.
Both parties have a “separate and specific responsibility” to reduce the risk of consumers becoming victims of phishing scams. Breach of such duties, such as banks’ failure to send outgoing transaction notifications to customers and telcos’ failure to implement scam filters, will trigger the determination of the party liable for damages.
Only when financial institutions and telcos fulfill their respective obligations, as set out in the framework, will they not be required to pay the affected customers.
Regulators hope this will motivate telcos and financial institutions to maintain strong anti-scam controls. They also remind consumers of the need to always be vigilant and refrain from clicking on unsolicited, suspicious links.
Under the circumstances set forth in the proposed framework, consumers would bear all damages in phishing scams where they provide credentials verbally to scammers or where scammers impersonate unknown foreign entities. Such cases do not fall within the scope of the framework as they do not involve any digital material and do not involve Singapore-based entities or legitimate foreign-based entities.
The Shared Responsibility Framework also does not cover malware scams, as such scams are new. IMDA and MAS said it would be premature to prescribe measures at this stage as risk-mitigation measures are still being developed.
The Singapore government will continue to monitor the fraud landscape in future implementation of the framework, the regulators added. Industry and public feedback on the proposed paper is due by December 20.
Scam losses are on a global growth trajectory, with 25.5% of citizens losing nearly $1.03 trillion to fraud or identity theft in the past year, according to the latest statistics from the Global Anti-Scam Alliance and ScamAdviser. In comparison, $55.3 billion in 2021 and $47.8 billion in 2020 were lost to scams.
Singaporean victims lost the most on average, losing $4,031 each, followed by their counterparts in Switzerland at $3,767 and Austria at $3,484 for each victim, the report found.
The number of scams and cybercrimes in Singapore increased by 25.2% last year, with 33,669 reported, up from 26,886 in 2021. The number of scams was high, resulting in victims losing SG$660.7 million ($501.9 million), which is 4.5% more than $1220,23 million, according to the Singapore Police Force.
Phishing, e-commerce, and investment scams were among the top five most common tactics used against victims, making up 82.5% of the top 10 types of scams. Phishing cases topped the list, with 7,097 cases reported in 2022, up 41.3% from 2021.
IMDA said the mandatory SMS sender ID registry has reduced the number of scam SMS cases by 70% in the three months since its launch in January.