555 views
Photo from Freepik

Singapore push versus phishing may increase compliance costs

Including e-commerce, social media, and ISPs in the mandate may be a wise move.

A Singapore plan to assign duties to banks and telecommunication companies in the fight against phishing scams could increase compliance overhead, while creating a false sense of security among consumers who think they are fully covered.

Benjamin Tan, chief technology officer of one of  Singapore's major mobile network operators, SIMBA Telecom, formerly TPG Singapore, told Singapore Business Review in an email response that customers may have a misconception "that their losses are fully indemnified by the banks or telcos."

Liew Ying Yi, local principal for financial services regulatory at Baker McKenzie Wong & Leow, offered a different view, saying that the framework “is a step in the right direction and serves to strike the right balance between protecting vulnerable consumers on one hand and also discouraging complacency" on financial institutions and telco players.

Liew clarified that under the Shared Responsibility Framework by the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA), consumers still ultimately "bear the loss" if both financial institutions (FIs) and telcos fulfill their obligations.

The framework also sets out certain duties to consumers like not clicking on links provided in email or SMS unless these are informational links that the user is expecting to receive from the FI and to avoid sharing personal or account credentials, she pointed out.  

Phishing scams, a cyberattack that tricks people into sharing sensitive information through fraudulent emails, text messages, phone calls, or websites, have evolved beyond those relying solely on hyperlinks, Rakesh Kirpalani, director of Dispute Resolution & Information Technology, at Drew & Napier, said.

Liew said the government should include e-commerce platforms, social media companies, and internet service providers (ISP) in its so-called shared responsibility framework to improve the city-state’s defences against phishing.

The most effective way to boost Singapore’s defenses against phishing attacks remains to be public education, Kirpalani said.

Under the framework, banks must enforce a real-time fraud surveillance system and other anti-scam measures.

These include a 12-hour cooling-off period for activating digital security tokens, which Liew said could increase operational and compliance costs. 

Based on the rules that will take effect on 16 December, consumers are also entitled to payouts in case of corporate negligence.

On 30 November, the Singapore Police Force and MAS reported an uptick in the impersonation of banking and government officials. The number of cases and losses from phishing almost doubled to about 1,100 incidents covering more than $120m from a year earlier, they said. 

For the first half of 2024, authorities also reported an 18% year-on-year increase in scams and cybercrime cases to 28,751, with scams accounting for 92.5% of the total.

"We hope that MAS and the IMDA step up their public education of consumers so they will always be on the alert for phishing scams given the evolving methods used by scammers,” SIMBA Telecom Pte. Ltd. said in an emailed reply to questions.

Kirpalani said phishing strategies “move very quickly with technology,” and consumers should be able to spot their telltale signs.

The Association of Banks in Singapore, whose members include Singapore's big three — DBS Bank Ltd., Oversea-Chinese Banking Corp., and United Overseas Bank Ltd. — said it expects “some friction” in the customer journey under the framework.

“At times, legitimate transactions may be put on hold or blocked while financial institutions attempt to contact their customers to verify the transactions,” it said in a statement in October.

Liew expects to see  greater adoption of fraud detection technologies among banks, including artificial intelligence and machine learning algorithms that can detect and respond to suspicious activities in real-time.

While the measure could increase compliance costs, the good thing about it is that these will be shared by banks, telcos, and end-users, Kirpalani said. Liew, for her part, expects it to “incentivise higher standards of security and vigilance.”

Follow the link s for more news on

Join Singapore Business Review community
Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!