Central bank's cyber security panel propose ways to fight AI risks and malware scams

Mobile banking and payments should have strengthened multi-factor authentication (MFA).

The Monetary Authority of Singapore's (MAS) cybersecurity advisory panel (CSAP) proposed strategies for securing mobile banking and payments amidst online banking scams.

CSAP's first proposed way is to "implement eco-system approach to fortify cyber defence and maintain trust and public confidence in online financial services."

"The panel underscored the need for a multi-pronged approach to stem mobile malware-enabled scams, including working closely with technology suppliers to reduce the threat of malicious side-loaded mobile apps," read the statement.

The second proposed way is to boost MFA for mobile banking and payments. The panel supported the adoption of “passwordless” and “out-of-band” authentication that functions separately from the mobile device used for performing mobile banking and payments.

The third is to increase awareness of the benefits and risks of the growing adoption of Generative AI (GenAI). 

"As more FIs leverage on GenAI to enhance their systems and business processes, there is an increasing need to guard against potential risks, including leakage of sensitive information and data poisoning," read the statement.

Financial institutions can manage the risks by implementing guardrails such as raising employee awareness on the safe use of GenAI, and establishing comprehensive data handling policies.

The fourth way is to leverage AI to enhance FIs’ cybersecurity capabilities. 

"FIs can deploy AI-enabled solutions in areas such as secure code development, security monitoring, threat hunting, and red-teaming to improve the effectiveness and robustness of their cyber defence," read the MAS statement.