Phishing is a scam that involves obtaining user and account data through digital messages from scammers containing links to fake websites that request sensitive account credentials and information from consumers. Scammers then access consumers’ bank accounts and undertake unauthorised transactions. An estimated 15,000 phishing scams occurred between 2021 and mid-2023, with losses averaging S$3,900 per scam. In February 2022, about 800 OCBC customers lost a combined S$13.7 million to scammers.
On 25 October 2023, the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) published a joint consultation paper proposing a Shared Responsibility Framework (SRF) for phishing scams. Broadly:
If an unauthorised transaction takes place, payouts will apply on a ‘waterfall’ basis:
The claim process will be administered by the responsible Bank which will be the overall point of contact with the consumer. The 4 stages of a claim will involve:
There is currently no envisioned upper limit to the amount of losses that banks or telcos are to bear.
The SRF is a welcome development to reinforce consumer confidence in digital banking and enhane the accountability of the banking and telco channels. The SRF Consultation Paper is presently open for public comment and will close on 20 December 2023. The finalised SRF will likely incorporate tighter liability parameters, including possibly an upper limit on individual claim amounts (perhaps based on existing deposit insurance scheme limits) so that banks and telcos can manage their risks accordingly.
For further information, please contact:
Ting Chi Yen
JTJB Singapore Office