Striking a Balance: Singapore's May Split Liability For Financial Scams Between Banks & Victims29/9/2023
The digital age has brought tremendous convenience, but it has also birthed new forms of crime. Financial scams, such as phishing, have been a persistent issue causing substantial losses to both individuals and financial institutions. In response to this growing concern, Singapore is delivering a consultation paper detailing a split liability scheme, which aims to ensure that the burden of financial losses due to scams is shared between consumers and banks. This article delves into the details of this approach, its implications, and the need for such measures in today's digital landscape. How Did The Idea of Split Liability Come About? The catalyst of a shared liability strategy came about in February 2022 after cybercriminals stole a combined SG$13.7 million (US$10.2 million) from around 800 customers of a single bank [the Overseas-Chinese Banking corporation (OCBC)] via the use of spoofing text messages. These SMS disguised as messages sent from OCBC, asked account holders to click a link to resolve account issues that redirected them to a fake bank website. This allowed the cybercriminals to collect their logins and passwords. This resulted in the cybercriminals being able to transfer the digital token over to their own devices, and drain the victims’ accounts. Initially, OCBC offered “goodwill” payments to only 6.4% of victims. It was only when the Monetary Authority of Singapore (MAS) threatened action, did OCBC change their stance and stated that they would issue “full goodwill payouts” to all victims. The sheer amount of required payouts make Singapore rethink their anti-scam measures. The then-minister of finance, now deputy prime minister, Lawrence Wong stated that there would be a shared responsibility for any losses by both banks and customers. This is to prevent customers having a “weaken[ed] incentive to be vigilant” against phishing scams, in particular social engineering scams. What About Other Countries? The UK will enforce a mandatory reimbursement by banks within 48 hours to customers that have been scammed to send money to scammers in 2024. This new mandatory reimbursement system by the Payments Systems Regulators (PSR) are designed to ensure that customers will get a refund if they fall victim to authorized push payment fraud (APP), which is where a victim is tricked into making a payment to scammers posing as a legitimate organization such as a bank or police. The PSR proposed that banks must reimburse payments over 100 pounds to a maximum of a million pounds, although many banks have lower limits. This reimbursement bill will be shared between the sending and receiving banks. Australia seems to be adopting similar measures, whereby the country’s financial services minister, Stephen Jones, has said the government is “going to ensure that the banks are accountable for much more”, and that they will “probably look at something which travels in the same direction” as the UK. This comes after a recent report whereby they found that Australia’s big banks reimburse less than 5% of scam victims. Similarly, the European Commission has also proposed refunding victims of authorized payment fraud in certain circumstances. Why is Singapore Going Forward With the Liability Scheme? Based on the views of other countries, it seems that Singapore is going in a different direction. As Alvin Tan, Singapore’s minister of state, told the Parliament, it seems that some have the perception that banks can easily absorb losses from these scams. However, making banks fully responsible for these losses without considering culpability “is neither fair nor desirable”. And as talked about above, they are afraid that if banks become fully responsible for the losses, this could de-motivate customers to be vigilant towards scams, making customers complacent. Tan did also state that in scam cases, banks have to “consider if they have fulfilled their obligations, and whether the victim had acted responsibly.” Elaborating further, Tan did state that victims who did practice good cyber hygiene, and did their best such as “preventing their login information and [one-time passwords] from being divulged to third parties, should not have to bear losses”. What This Means… Based on this, it seems that under the new scheme, consumers are expected to exercise due diligence in their financial transactions, and banks are expected to enhance their security measures and educate consumers on potential risks. Banks are accountable for ensuring a safe banking environment, and have to promptly investigate and resolve scam cases. However, they will not be the sole bearers of financial losses. Consumers who follow best practices are less likely to suffer losses and therefore share in the responsibility for any financial setback. Disagreement to the Scheme However, there are disagreements within the parliament itself on this stance. Slyvia Lim, a parliament member, said that “banks should take on an outsized role in preventing [scams]”, and that banks in Singapore should be required by law to fully reimburse scam victims. Her underlying argument was that customers are not well-equipped as compared to banks to combat scams, as customers do not have the resources and position that banks have. Furthermore, she states that Singapore should adopt the UK system of mandatory reimbursement that will be implemented in 2024, and it can be “scoped to protect customers who are consumers, small businesses and charities.” Lim also said that more has to be done for scam victims, as currently some Singapore banks’ goodwill payments are “paltry” compared to the victims’ losses. Such goodwill offers are usually tied to non-disclosure agreements, which not only needs customers to maintain confidentiality but also forgo all rights to recover further sums. Lim called these agreements to be one-sided, and pushed MAS to consider establishing regulatory guidelines in the settlement of consumer disputes. As of today, the consultation paper on the framework of the liability scheme has not yet been published due to the complexity of issues involved. The government aims to issue the public consultation paper in the 3rd quarter of 2023. Implications of the Split Liability Scheme The split liability scheme brings several implications to the fore: 1. Promoting Awareness and Responsiveness This approach encourages consumers to be vigilant and take precautions when engaging in financial transactions, fostering a safer digital ecosystem. 2. Financial Prudence Consumers are incentivized to exercise caution and implement security measures, fostering financial prudence and minimizing potential losses. 3. Shared Responsibility By distributing accountability, both consumers and banks must actively collaborate to mitigate the risks of financial scams. This strengthens the overall security landscape. Takeaway The introduction of the split liability scheme in Singapore represents a fundamental shift in how financial losses due to scams are perceived and managed. By distributing accountability, this approach aims to instill responsibility, awareness, and prudence within the financial ecosystem. Striking a balance between consumer caution and enhanced bank security, the split liability scheme is a step towards a more secure and informed digital future for Singapore. As technology continues to evolve, so do the strategies to combat cyber threats. The split liability scheme is a testament to Singapore's commitment to adapting and innovating in the face of modern challenges. It's a paradigm shift that could set the tone for similar initiatives globally, as societies grapple with the ever-changing landscape of digital risks and financial scams. Related Topics Navigating the Digital Peril in Singapore: Phishing & Ransomware Continue To Pose Significant Risk Singapore Healthcare Cybersecurity Compliances You Must Know Comments are closed.
|
Archives
June 2024
Categories
All
|
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED
|