by Johanan Devanesan
October 31, 2023
The advent of digital payments and transactions has undoubtedly transformed the way we conduct financial transactions, making our lives more convenient and efficient. However, this digital revolution has also given rise to an alarming surge in digitally-enabled scam scenarios and corresponding financial losses on a global scale.
Scammers are continuously evolving their techniques, becoming increasingly sophisticated in their attempts to exploit unsuspecting victims for their own financial gain. In this article, we delve into the world of scams, their escalating impact, and the proposed solutions to combat this growing menace.
The Global Scam Epidemic
The proliferation of scams is a pressing global issue, with perpetrators exploiting vulnerabilities across various platforms and sectors. One notable case occurred in Singapore in late 2021 when a phishing scam impersonated OCBC Bank, leading to substantial financial losses for individuals. More recently, a series of malware scams have gained prominence, further exacerbating the problem.
A Collaborative Response to the Shared Responsibility Framework (SRF)
To address the escalating issue of scam-related losses, the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) have proposed a Shared Responsibility Framework (SRF). This framework aims to distribute the responsibility for scam losses among financial institutions (FIs), telecommunication operators (telcos), and consumers, specifically concerning unauthorised transactions resulting from phishing scams.
Under the SRF, FIs and telcos will offer compensation to victims of specified phishing scams, provided that specified anti-scam duties are breached. The implementation of the SRF is expected to create a more expedient channel for consumers to seek recourse when they fall victim to scams. This collaborative approach is designed to protect consumers and reduce the financial burden placed on victims of scams.
Public Input and Regulatory Measures
MAS and IMDA are actively seeking input from industry stakeholders and the public on key aspects of the SRF. The guidelines that will underpin the operation of the SRF will be jointly issued by MAS and IMDA. By involving stakeholders and the public in the decision-making process, regulatory bodies aim to create a comprehensive and effective strategy to combat scams.
The SRF builds upon MAS’ E-Payments User Protection Guidelines (EUPG), which have been pivotal in safeguarding consumers’ interests in the digital payment landscape. Concurrently, MAS is soliciting feedback on proposed revisions to the EUPG, following a review conducted by the Payments Council. These proposed enhancements aim to further strengthen the protection of e-payment users, ensuring that they are better equipped to guard against scams.
A Multi-Layered Approach to Combat Scam Losses
In Singapore, various stakeholders, including the government, banks, and other ecosystem players, have collaborated to implement a suite of anti-scam measures. This multi-layered approach involves a combination of regulatory frameworks, consumer education, and industry cooperation. By working together, these stakeholders aim to tackle scams comprehensively and mitigate their impact on consumers.
Under the SRF, responsible FIs are expected to fulfill specific anti-scam duties to safeguard their consumers from phishing scams. These duties are designed to ensure that essential communication channels are in place and that consumers are promptly informed about transactions or high-risk activities on their accounts.
Proposed Financial Institution Duties
In the event that a scammer successfully acquires a consumer’s credentials and activates a digital security token on a separate device, a 12-hour cooling-off period is mandated during which no ‘high-risk’ activities can be performed. This delay provides consumers with an opportunity to identify unusual activities on their accounts and take preventive action.
Responsible FIs must provide real-time notification alerts for the activation of digital security tokens and the execution of high-risk activities. These alerts serve as early warnings for consumers to detect unauthorised activity and take immediate action if necessary.
Real-time outgoing transaction notifications are crucial for prompting consumers to react swiftly to unauthorised transactions. These notifications enable consumers to report any suspicious activities immediately to their FIs, facilitating timely remedial action.
FIs must offer consumers a reporting channel for blocking unauthorised access to their accounts. Additionally, a self-service “kill switch” should be provided, allowing consumers to independently block their accounts to prevent further unauthorised transactions.
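The four FI duties above can be read as one authorisation gate. The sketch below is an added example, not code from MAS, IMDA or any bank; the activity names, the `Account` class and the treatment of ordinary transfers as not high-risk are assumptions, since the article does not define 'high-risk'.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

COOLING_OFF = timedelta(hours=12)
# Assumption: illustrative names only; the article does not list high-risk activities.
HIGH_RISK = {"add_payee", "raise_transfer_limit", "change_contact_details"}


@dataclass
class Account:
    token_activated_at: Optional[datetime] = None
    blocked: bool = False                      # set by the self-service kill switch
    alerts: list = field(default_factory=list)

    def notify(self, now, event):
        # Stand-in for a real-time alert (SMS, push, e-mail) to the consumer.
        self.alerts.append((now, event))

    def activate_token(self, now, device_id):
        # Activating a token on a device (re)starts the cooling-off clock.
        self.token_activated_at = now
        self.notify(now, f"token_activated:{device_id}")

    def kill_switch(self, now):
        self.blocked = True
        self.notify(now, "account_blocked")

    def request(self, now, activity):
        """Return (allowed, reason) for an activity requested at `now`."""
        if self.blocked:                       # kill switch overrides everything
            return False, "account_blocked"
        if activity in HIGH_RISK:
            activated = self.token_activated_at
            if activated is not None and now - activated < COOLING_OFF:
                return False, "cooling_off"
            self.notify(now, f"high_risk:{activity}")
        elif activity == "outgoing_transfer":
            self.notify(now, "outgoing_transfer")
        return True, "ok"
```

The cooling-off check uses a strict comparison, so a high-risk request exactly 12 hours after activation is allowed.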
Proposed Telco Duties
According to the framework document, responsible telcos play a pivotal role in supporting FIs’ efforts to combat phishing scams by implementing measures to reduce the risk of scam SMS messages reaching consumers.
Telcos must ensure that Sender ID SMS messages originate from authorised aggregators registered with the SMS Sender ID Registry (SSIR). This requirement minimises the risk of subscribers receiving SMS with spoofed Sender IDs.
To prevent the delivery of Sender ID SMS from unauthorised or unknown sources, responsible telcos must block SMS messages that do not come from authorised aggregators. This measure further mitigates the risk of Sender ID spoofing.
Telcos are obligated to implement anti-scam filters for all SMS messages passing through their networks. These filters scan SMS messages for known malicious URLs, regardless of whether they originate locally or from overseas. This duty is a vital step in reducing the prevalence of scam SMS messages.
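The three telco duties combine into a single delivery decision per message. The filter below is an added example, not part of the framework document or any telco's system; the aggregator IDs, the blocklist entry, and the rule that a purely numeric sender is not a Sender ID are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data (not real registry entries or real indicators).
AUTHORISED_AGGREGATORS = {"agg-01", "agg-02"}   # stands in for the SSIR list
MALICIOUS_HOSTS = {"login-verify.example"}      # stands in for a known-bad URL feed

# Matches URLs with or without a scheme, e.g. "https://a.example/x" or "a.example/x".
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def is_sender_id(sender):
    # Assumption: anything that is not a plain phone number is a Sender ID.
    return not re.fullmatch(r"\+?\d+", sender)


def host_of(url):
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_malicious(host):
    # Match a listed host and any subdomain of it.
    return any(host == bad or host.endswith("." + bad) for bad in MALICIOUS_HOSTS)


def filter_sms(sender, aggregator, text):
    """Return (deliver, reason) for one SMS handed to the telco by `aggregator`."""
    # Duties 1 and 2: Sender ID SMS must come from an authorised aggregator.
    if is_sender_id(sender) and aggregator not in AUTHORISED_AGGREGATORS:
        return False, "unauthorised_aggregator"
    # Duty 3: scan every message, local or overseas, for known malicious URLs.
    for match in URL_RE.finditer(text):
        if is_malicious(host_of(match.group(0))):
            return False, "known_malicious_url"
    return True, "ok"
```

The URL scan runs even when the aggregator check passes, because an authorised route can still carry a message with a known malicious link.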
The “Waterfall” Approach
The assessment of responsibility for losses arising from unauthorized transactions in phishing scams will adhere to a “waterfall” approach, prioritizing accountability as follows:
FIs will take precedence in bearing full losses if they have breached any of their anti-scam duties. This acknowledges their primary responsibility as custodians of consumers’ funds.
If FIs have fulfilled their SRF duties, but telcos are found to have breached their obligations, telcos will be expected to cover the full losses. Telcos play a secondary role as infrastructure providers for SMS communication.
If both FIs and telcos have fulfilled their SRF duties, consumers will bear the full losses. However, consumers can still seek further recourse through existing channels such as FIDReC.
The “waterfall” approach simplifies the assessment of responsibility and encourages all parties to remain vigilant in upholding the safety of electronic payments.
Handling Consumer Claims
MAS and IMDA propose a four-stage workflow for processing consumer claims related to losses from phishing scams:
Claim Stage: Responsible FIs will serve as the primary point of contact for consumers and assess whether the claim falls within the SRF’s scope. If applicable, they will inform responsible telcos.
Investigation Stage: Responsible FIs and telcos (where applicable) will conduct a fair and timely investigation, ensuring independent processes for investigating consumer claims.
Outcome Stage: Responsible FIs will inform and explain the investigation outcome to the consumer.
Recourse Stage: If a consumer remains dissatisfied after the Outcome Stage, they can pursue further action through avenues like FIDReC or IMDA.
Throughout the SRF claims process, responsible FIs will be the primary interface for consumers. Responsible telcos will only intervene when necessary, minimizing the burden on consumers, particularly during distressing situations.
Government Anti-Scam Efforts
In addition to the SRF, the government has collaborated with industry players to combat scams. Banks have implemented enhanced safeguards to tackle malware scams and provided goodwill payouts to victims of various scam types. These measures have effectively mitigated the threat of malware scams, and the government remains committed to reviewing and enhancing anti-scam efforts to ensure their continued relevance.
In designing the SRF, MAS and IMDA have considered reimbursement frameworks for scam losses in other jurisdictions. Recognising the varying scam landscapes worldwide, different approaches may be necessary to address the unique challenges posed by each jurisdiction.
As digital payments and transactions continue to thrive, scams and financial losses have become a pervasive issue on a global scale. The Shared Responsibility Framework (SRF) proposed by MAS and IMDA aims to address the issue of scam losses in a fair and structured manner, distributing responsibility among FIs, telcos, and consumers. This approach ensures that all parties play their role in safeguarding electronic payments, ultimately contributing to a safer financial environment for all.
This post originally appeared on TechToday.