SINGAPORE, Jan 11 — Urging financial institutions and telecommunication companies (telcos) to step up and assume greater responsibility in fighting scams and helping victims recover from their losses, several Members of Parliament (MPs) said that more needs to be done to protect customers from the scam scourge.
Speaking in Parliament on Wednesday (Jan 10), the MPs said that the recently proposed shared responsibility framework is a step towards the right direction, but it is still unfair to customers.
This is because the framework proposes that as long as banks and telcos can say that they have performed their stipulated anti-scam duties, such as sending alerts and providing a 24/7 reporting channel, they are not required to reimburse customers who suffered losses from scams.
They were speaking on a motion titled Building An Inclusive and Safe Digital Society. It was filed by MPs from the ruling People’s Action Party (PAP) who sit on the Government Parliamentary Committee for Communications and Information.
Advertisement
The motion, led by committee chairperson Tin Pei Ling from MacPherson constituency, consisted of 13 calls to action for a whole-of-nation approach to make the online space safer and more inclusive for all Singaporeans.
A total of 22 MPs spoke on a variety of issues, including cyberbullying, harassment, misinformation and the proliferation of deepfakes.
Some also raised concerns about the fairness of the loss-sharing framework, which was proposed by the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority last October. The public consultation for the framework ended on Dec 20 last year.
Advertisement
The framework sets out who — among the financial institutions, telcos and consumers — is liable to bear the losses from scams when customers fall victim to them.
Ms Hazel Poa, a Non-Constituency MP from the opposition Progress Singapore Party, said that the framework’s scope was limited, while Associate Professor Jamus Lim, a Workers’ Party (WP) MP from the Sengkang Group Representation Constituency (GRC), called it “fundamentally unfair”.
Marsiling-Yew Tee GRC MP Hany Soh did not mention the framework explicitly, but she highlighted that large organisations, such as banks and e-commerce platforms, need to do more to prevent losses from online scams and bear the consequences.
Mr Gerald Giam, a WP MP from Aljunied GRC, echoed these sentiments.
Other than the three groups covered by the framework, he added that social media companies and mobile phone handset manufacturers should also be held accountable for securing their platforms against scams.
Limited scope of framework
Ms Poa said that there is limited protection offered by the framework, which covers only phishing scams, for example.
There is no coverage for other scam types, such as those involving malware, impersonation of police officials, as well as fake investments or tricksters feigning romantic interest to con unwitting victims.
“For example, in the recent case of a family losing their life savings due to downloading malware when they tried to buy organic eggs, the shared responsibility framework does not help them at all,” she said.
Ms Poa then pointed out that the required duties to be carried out by financial institutions and telcos are “extremely limited” as well.
Under the framework, financial institutions have a set of anti-scam duties:
• Impose at least a 12-hour cooling period after activation of a digital token, during which high-risk activities cannot be carried out
• Send notification alerts for activation of digital token and conduct of high-risk activities
• Provide outgoing transaction notifications by SMS, email or in-app notification selected by the consumer
• Provide a 24/7 reporting channel and a self-service feature for consumers to block online payment transfers from their accounts
Last year, Mr Alvin Tan, Minister of State for Trade and Industry, said that if the financial institutions and telcos had discharged the above duties fully, victims of phishing scams would then have to bear the loss.
However, Ms Poa said that the four duties do not create a sufficient incentive for financial institutions to proactively protect their customers and remove the potential for fraud from their systems.
This is “clearly not balanced”, she said, noting that banks wield control over their banking apps and the payment processes, but it is the customers who have no control that pay the price for any “inadequacies”.
Ms Poa suggested a shared liability model where banks offer different security levels, and customers can choose their preferred security options.
The higher security option would offer 75 per cent of reimbursement for losses, while lower security offers 50 per cent, creating incentives for both banks and customers to be vigilant against scams, she said.
Banks should do more to mitigate scams
In his speech, Assoc Prof Lim said the proposed framework has become less about fairly distributing losses and more about distributing responsibilities, despite its original aim of determining how the loss is shared.
He added that this approach would absolve financial institutions and telcos from the costs of businesses “so long as they have done their part”.
“Should there be a realised loss, so long as the financial institution or telco operator demonstrate that they’ve satisfied a certain set of obligations — which aren’t even exhaustive — their loss share will not be half, it won’t be a third or even a quarter.
“It will be zero. This cannot be fair,” he said, later suggesting that consumers bear losses of no more than S$500, with the rest to be absorbed by financial institutions and telcos.
Ms Soh, the Marsiling-Yew Tee GRC MP, said that she recently encountered a resident, one Mr Yu, who had lost more than S$6,000 in unauthorised transactions after falling prey to a malware scam.
Despite his request to terminate these transactions immediately, Mr Yu was told by the bank’s customer service to wait for his next monthly statement of account as proof before raising a dispute on the fraudulent transactions.
In the end, the resident had to bear 50 per cent of the unauthorised transacted sum after the bank took almost six months to investigate.
“It is, therefore, understandable that Mr Yu remains aggrieved and perplexed as to why the bank had refused his request to terminate these fraudulent transactions in time.
“To add insult to injury, the bank, in a written response, reminded him ‘to always take care of your credentials and refer to the bank’s website for more information about how to protect from scams’,” she said.
She added that the bank seemed to “conveniently” expect customers to fend for themselves.
“By taking such an approach, it could deter more people from becoming active participants in our digital society, and cause more to lose faith in our banks’ credibility.”
Banks could thus do more, such as by adopting better anti-phishing solutions, improving authenticity verifications, and being extra vigilant towards abnormal transactions.
Getting key entities to be more accountable
Responding to the concerns raised, Communications and Information Minister Josephine Teo said that the Government will consider enhancing the accountability of key entities and strengthening protection for individuals within the shared responsibility framework or through other means available.
The proposed framework primarily covered phishing scams because they were the main contributor to fraudulent transactions when it was being designed.
The duties for banks and telcos were specified to “clearly” hold them accountable to the victims.
However, Mrs Teo said that other avenues of recourse are available for scam victims should the measures be unable to grant them payouts from banks and telcos.
Without giving specific examples, she said that MAS has “leaned on the banks to be more accommodative” in applying these frameworks when reviewing different cases.
“These include the banks’ goodwill frameworks, which can provide some comfort to victims of new scam tactics,” she added. Goodwill frameworks refer to goodwill payouts made by banks and financial institutions, at their discretion, to victims of scams. — TODAY