10 Facts About the New Measures That Banks in S’pore Have to Follow, Like No Links in SMSes or Emails

Is the text from OCBC really from OCBC?

Not to worry, as more measures will be enacted within the next fortnight to boost the security of digital banking.

Here are 10 facts about the new measures banks have to follow.

Why Now?

For those confused as to why scams are such a big deal now: it is all because of the recent OCBC phishing scam. At least 469 people have been scammed by SMSes pretending to be OCBC Bank since December 2021. A total of $8.5 million was also lost in December alone.

To know more about the scam, watch this to the end:

OCBC has since been under fire for their substandard response and customer support, and the Monetary Authority of Singapore (MAS) is considering taking action against OCBC’s negligence.

OCBC announced that they’ll be making goodwill payouts to scam victims. Recently, DBS has also started alerting customers of potential scam messages.

With a rise in the severity and number of phishing scams, here are some of the measures all banks will have to adopt by the next two weeks.

No More Clickable Links in SMSes or Emails

The recent OCBC scams involved scammers sending customers a link to a cloned version of OCBC’s website. Customers would then enter their digital banking information to resolve any “issues” with their account.

Now, banks will be required to eliminate any clickable links in SMSes or emails to customers. If you still receive any correspondence by banks with any links in it, you’ll know for sure that it’s a scam.

Default Limit of $100 or Lower for Funds Transfer Transaction Notifications

Many scam victims didn’t realise that their accounts were compromised… till they received notifications that tens of thousands of dollars were being transferred.

Needless to say, the victims must have gotten the shock of their lives.

Now, with a limit of $100 or lower, you’ll always know if there are any unauthorised transactions from your account even before your losses hit a hundred.

At Least 12-hour Delay Before Activation of New Soft Token on Mobile

Some scam victims have reported that the scammers activated their OneToken to increase their transaction limits. OneToken is OCBC’s digital authentication tool for e-transactions.

Learning from this lesson, all banks will have to implement a 12-hour delay before any activation of new soft tokens online. This ensures that the victim and the banks have enough time to verify the legitimacy of the activation request before the scammers drain their bank accounts.

Cool-Off Period Before Implementation of Important Account Changes

Many scammers also changed the victims’ account settings like their mobile numbers or emails registered with the bank. This allowed the scammers to have full control of the account.

Even though the victims received messages alerting them of these account changes, the immediate implementation meant that by the time victims could contact OCBC, the scammers already held full control.

There will now be a delay between the request for account changes and the actual changing of account details. This gives customers more time to take action against unauthorised changes.

More Frequent Scam Education Alerts

After the bank detected the scam in early December last year, it had issued multiple alerts and warnings to customers through various mediums. For instance, they sent SMS messages to all customers on 30 December last year and 4 January this year.

Image: Screengrab of OCBC SMS

You might be seeing more of such messages and alerts soon, as all banks will be required to increase the frequency of their scam education alerts.

Join our Telegram channel for more entertaining and informative articles at https://t.me/goodyfeedsg or download the Goody Feed app here: https://goodyfeed.com/app/ 

Dedicated and Well-Resourced Customer Service Teams for Scams

One of the main complaints the scam victims had was that OCBC’s customer service hotlines were slow and unequipped to handle the scams.

This has been rectified, as every bank from now on will be required to have customer service teams dedicated to dealing with scams. Dealing with potential fraud cases will also be moved up on the banks’ priorities.

Adoption of SMS Sender ID Registry to Prevent Spoofing

Scammers can pretend to be OCBC by cloning a legitimate sender ID via SMS, also known as spoofing. This allows the scammer’s SMS to look like it is from the Bank, thus appearing in the same thread as the bank’s real SMSes.

However, spoofing may soon be a thing of the past.

Banks will now be registering their SMS sender IDs with the Infocomm Media Development Authority (IMDA). SMS messages from unauthorised usage of registered IDs will be blocked so that only official messages will appear in the same thread!

Fraud Surveillance Mechanisms To Be Strengthened 

The MAS is doubling up its checks on major financial institutions’ fraud surveillance processes.

This can thus ensure that all institutions are prepared to deal with the rising threat of online scams.

Customer Vigilance Is Still The Most Important!

Despite the banks’ and authorities’ best efforts, sometimes scammers may still be able to slip through the cracks.

Customer vigilance is ultimately the most important tool of them all to combat scammers. Here are some guidelines to follow so that you don’t fall prey to a scam:

  • Do your banking only at the banks’ official website or mobile apps. Key in the bank’s URL into your browser instead of clicking on links sent via SMS or email!
  • Information like log-in details or one-time passwords should not be given to anyone, nor keyed into any unverified websites.
  • Do not transfer money to strangers.
  • IOS users can also download the ScamShield app, which is an app by the Singapore authorities that blocks scam messages and calls.

Hopefully, with enhanced measures in place, there will be fewer scam victims for the rest of 2022.

Read Also:

Featured Image: Kenishirotie / Shutterstock.com