As scams grow to become increasingly sophisticated in Singapore, consumers, banks, and telecommunication providers face escalating losses from unauthorised digital transactions. To combat this, the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) have launched the Shared Responsibility Framework (SRF).
This framework aims to fairly distribute the responsibility for financial losses incurred through phishing scams, emphasizing the role of financial institutions (FIs), telcos, and consumers in minimising fraud, which represents a new era and innovation in scam prevention.
The Rising Tide Of Scams In Singapore
Singapore has seen a significant rise in financial scams, with phishing and malware scams targeting digital banking customers and resulting in millions of dollars in losses. In recent years, many scams have targeted consumers through fake banking sites and spoofed SMS messages, luring victims to unknowingly share their bank details and One-Time Passwords (OTPs).
For instance, over 200 DBS Bank customers lost SGD 446,000 to sophisticated scams in recent January and the arrest of 35 individuals for suspected involvement in banking scams with government official impersonation in recent October, highlights the urgency for stronger protections. Traditional countermeasures (such as two-factor authentication and biometrics) alone have proven insufficient against such well-coordinated scams, prompting MAS and IMDA to propose a unified approach that assigns responsibility across all relevant parties.
Expanding Anti-Scam Efforts Across Singapore
The SRF is part of a broader anti-scam strategy by Singapore’s government, which includes educational initiatives, collaborative efforts with banks, and law enforcement operations to combat scams. For example, the government is working closely with banks to educate the public on avoiding scams through regular alerts, while the police conduct joint operations with banks to warn potential scam victims.
DBS, OCBC, and UOB have also launched their initiatives, including proactive scam alerts, partnerships with counseling centers for victims, and collaboration with regulatory bodies to produce anti-scam educational content. These programs aim to bolster Singapore’s digital ecosystem, ensuring it remains safe and trusted for users.
What Is The Shared Responsibility Framework (SRF)
The Shared Responsibility Framework (SRF) in Singapore was established jointly by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) following a consultation process with various stakeholders. This framework, set to take effect on December 16, 2024, is structured to address rising phishing scams, assigning accountability primarily to financial institutions (FIs) and telecommunications providers (telcos) if they fail to meet their defined anti-scam obligations.
Consumers remain responsible for practicing cyber vigilance and reporting suspicious activity swiftly, completing the three-party structure of the SRF. Within the SRF’s “waterfall” hierarchy, FIs bear the primary responsibility to secure customer funds, requiring them to alert customers in real time about high-risk transactions, offer self-service options like “kill switches” for account freezes, and ensure robust fraud surveillance. Telcos support this structure by protecting SMS channels used in digital banking, blocking unauthorised senders, and filtering out malicious links to mitigate phishing attempts.
If either FIs or telcos fail in their roles, they are liable for covering customer losses. Phishing scams that involve deceptive messages leading to unauthorised transactions fall under the SRF, while scams from unauthorised or malware-based hacking are currently excluded. In this structure, financial institutions are expected to take primary responsibility for safeguarding funds, telcos for ensuring secure SMS communications, and consumers for practicing vigilant behavior in online banking.
How Scam Claims Will Be Handled Under The SRF
In case of financial losses from phishing scams, the SRF outlines a streamlined claim process which are managed by financial institutions as they are designated as the primary contact point (to reduce consumer burden). The process is as follows:
Claim Submission: Consumers can file a claim through their financial institution (DBS, OCBC, UOB etc.) , which will determine if it falls within the SRF scope.
Investigation: Financial institutions, and telcos when relevant, conduct independent investigations into the claim, which would take a rough duration of 21 business days or up to 45 business days if any party involved is overseas and uncontactable during the investigation period.
Further Recourse: After investigation results are released by the relevant authorities, dissatisfied consumers can seek additional avenues for redress, including the Financial Industry Disputes Resolution Centre (FIDReC).
This multi-step process ensures fair treatment of scam victims and provides transparency in how claims are handled, which is essential for consumer confidence.
Financial Institutions’ Responsibilities
Under the SRF, banks must implement proactive measures to prevent unauthorised transactions. Key responsibilities include:
Real-Time Fraud Surveillance: Banks are required to enforce real-time fraud surveillance to detect and prevent unauthorised transactions from phishing scams. This aims to swiftly identify suspicious activity, particularly when large sums are being drained from a customer’s account, often within minutes of a phishing attack. The banks would monitor accounts for unusual transactions, such as sudden transfers exceeding half of a balance of S$50,000. And when detected, either block the transaction completely or hold it for 24 hours to confirm with the account holder.
Real-Time Notifications: Banks are required to send immediate alerts for high-risk activities, such as activation of digital security tokens or large transfers. This enables consumers to spot and react to suspicious activity instantly, potentially stopping unauthorised transactions.
Cooling-Off Periods: The SRF mandates a 12-hour cooling-off period for high-risk actions, like activating a security token on a new device. This delay provides consumers time to identify potential fraud and secure their accounts before the scammer gains full access.
Kill-Switch Mechanism: Banks must also provide an accessible kill-switch, enabling customers to instantly freeze their accounts upon noticing unusual activity.
These requirements align with global trends in scam prevention, reflecting an evolving need for real-time defenses against rapid, coordinated cyber-attacks.
The Role Of Telecommunication Providers
Telecom companies play a crucial part in reducing the risk of SMS-based scams. The SRF places specific duties on telcos, such as:
SMS Sender ID Registry: Telcos must ensure all SMS messages from registered banking entities include verified Sender IDs. This aims to reduce spoofing, where fraudsters manipulate sender IDs to imitate legitimate bank messages.
Blocking Suspicious SMS Content: By scanning SMS messages for known malicious links and blocking suspicious URLs, telcos can stop fraudulent messages from reaching consumers, further protecting them from falling into phishing traps.
Telcos in Singapore have already started implementing these safeguards, and the SRF provides additional layers to keep communications secure, enhancing consumer trust in the security of SMS notifications.
Consumers’ Responsibilities In The SRF
While banks and telcos have responsibilities under the SRF, consumers must also play an active role in protecting their accounts. Singapore’s authorities emphasise the importance of consumer vigilance, encouraging best practices such as:
Avoiding Suspicious Links: Consumers should refrain from clicking on links in SMS messages or emails, particularly if they appear to be from financial institutions. Banks in Singapore have ceased the operation of sending clickable links to mitigate this risk.
Installing Security Measures: Using two-factor authentication, enabling transaction notifications, and setting transaction limits are highly recommended to limit exposure to scams.
Utilizing ScamShield and contacting your bank: Consumers are advised to install ScamShield, a government-endorsed app designed to block fraudulent calls and SMS messages. Additionally, bank hotlines and websites are also available to report suspicious activities instantly.
These practices are especially vital as scams become more sophisticated, exploiting even minor lapses (such as replying to a cleverly disguised SMS) in consumer caution to access sensitive information.
How The Waterfall Approach Allocates Accountability
The SRF operates on a structured “waterfall” approach to determine liability based on each party’s adherence to their duties. If banks fail to meet their prescribed requirements, they bear full responsibility for the financial losses. Should telcos fail to fulfill their responsibilities, they are next in line for accountability.
If both banks and telcos fulfill their obligations, consumers assume responsibility for any resulting losses, underscoring the need for ongoing consumer vigilance. This accountability structure provides a comprehensive framework, addressing potential scenarios that may occur in phishing scams and reinforcing preventive measures across all stakeholders.
Moving Forward: The Global Perspective On Shared Responsibility Frameworks
The SRF draws inspiration from similar frameworks in other countries such as Hong Kong and Australia, underscoring the need for international cooperation to address global scam trends. As more countries adopt shared responsibility models, Singapore’s SRF may serve as a model for neighboring regions grappling with rising phishing and digital fraud.
As the digital landscape continues to evolve, the SRF stands as a necessary adaptation, aligning all parties in the fight against scams. This cooperative approach not only aims to protect consumers but also strengthens the overall resilience of Singapore’s financial infrastructure.
The Shared Responsibility Framework is a promising solution to an urgent and complex problem, distributing accountability while enhancing preventive measures across all stakeholders. For Singapore’s consumers, it represents a pivotal shift towards a safer and more secure digital experience.
Read Also: 4 Internet Habits To Adopt To Prevent Scams
Listen to our podcast, where we have in-depth discussions on finance topics that matter to you.
Advertiser Message
How Many Money Habits Do You Practise?
Whatever financial goals you’ve set for yourself, take small, consistent steps towards them by adopting good Money Habits. Tap in and learn how to make money decisions that are right for you, at every stage of life here.