The Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority of Singapore (IMDA) today announced that the Shared Responsibility Framework (SRF) for phishing scams, which was published for consultation on 25 October 2023
2 MAS and IMDA had proposed a SRF which assigns financial institutions (FIs) and telecommunication companies (Telcos) relevant duties to mitigate phishing scams, and sets expectations of payouts to affected scam victims where these duties are breached. Comments were sought on the scope of the SRF, duties of FIs and Telcos under the framework, and the approach for payouts for scam losses, among others.
3 MAS and IMDA received 72 responses from members of the public and representatives of businesses from the financial and telecommunication sectors when the consultation period closed on 20 December 2023. Overall, respondents welcomed the SRF and supported the efforts to better protect consumers. MAS and IMDA have considered the suggestions, and MAS will adopt a key area of feedback relating to fraud surveillance. MAS will introduce an additional FI duty to require real-time fraud surveillance directed at detecting unauthorised transactions in a phishing scam that result in account draining. This is in recognition of the severe impact on scam victims if their accounts are drained without their knowledge. MAS will allow a 6-month transition period from the date of the SRF’s implementation for FIs to be held to the fraud surveillance duty, as this was not within the four FI duties originally consulted on. Please refer to the enclosed annex for a summary of the key feedback on areas of wider interest.
4 The SRF will operate as part of the broader suite of upstream and downstream measures that Government, FIs, Telcos, and other ecosystem players have progressively implemented to tackle scams in Singapore. Beyond the SRF, banks also have their respective discretionary goodwill frameworks to support scam victims. The Government will continue to work with FIs and Telcos on other anti-scam measures to keep pace with the evolving scam landscape.
5 MAS and IMDA thank all individuals and organisations that have taken the time and effort to provide their feedback. Further details are set out in the response to the public consultation, which may be viewed at this link .
6 Ms Ho Hern Shin, Deputy Managing Director (Financial Supervision), MAS, said, “With the addition of a new fraud surveillance duty, some retail customers may experience more inconvenience when conducting larger value transactions. This additional friction is necessary to protect customers against large unauthorised transactions. Beyond the SRF, we are studying stronger, out-of-band authentication solutions, such as the use of Fast IDentity Online (FIDO)-compliant tokens
7 Ms Aileen Chia, Deputy Chief Executive (Connectivity, Development & Regulation), IMDA, said, “The SRF recognises Telcos as a supporting infrastructure provider for FIs. IMDA has worked closely with the Telcos to secure the SMS channel, an official channel adopted by FIs for digital banking, through the implementation of measures such as the mandatory SMS Sender ID Registry and anti-scam filter. These measures resulted in over 20 million SMSes being blocked since 2023. IMDA and Telcos will continue to play our part in strengthening the ecosystem against scams.”
***
[1] The public consultation ran from 25 October 2023 to 20 December 2023. For more details, please refer to https://www.mas.gov.sg/-/media/mas-media-library/publications/consultations/pd/2023/srf/consultation-paper-on-proposed-shared-responsibility-framework.pdf.
[2] Out-of-band authentication solutions rely on a separate communication channel to authenticate a user. A FIDO-compliant token is an authentication device that has to be in close proximity to the device used to perform a transaction.
