Response to two letters on SMS one-time passwords (SMS OTPs) diverted to perform fraudulent card payments - The Straits Times, 17 September 2021
We thank Mr Young Pak Nang and Mr Chwa Poh Kew for their letters (“How can customers be accountable for OTP fraud” and “Bank kept asking me to pay for OTP fraud transactions”, ST, 17 September 2021).
As noted by Mr Young, consumers routinely provide their credit card details to merchants for online and point-of-sale payments. If these credit card details are compromised by a third party, such as the merchant’s database being breached, consumers will not be considered to have failed to protect their card information. Consumers can be assured that as long as they have taken care to protect their card information and authentication credentials, they will not have to bear any unauthorised charges due to the diversion of SMS OTPs.
As pointed out by Mr Chwa, cyber criminals are constantly developing new and sophisticated methods and tools to target their victims. Financial institutions are continually reviewing and enhancing their measures to safeguard customers against new forms of attacks. At the same time, a consumer’s protection of his or her credentials is an important first line of defence against scams and frauds. MAS, together with the Singapore Police Force and MoneySense, our national financial education programme, actively alerts consumers to new methods adopted by scammers and how consumers can protect themselves.
Unfortunately, despite best efforts by both financial institutions and consumers, criminals may still succeed. MAS has commenced a review with the financial industry to establish a framework to provide greater clarity on the responsibilities and liabilities of financial institutions and consumers in the case of fraudulent payment transactions.
MAS will continue to work with all stakeholders to ensure e-payments remain safe and secure.
Director (Corporate Communications)
Monetary Authority of Singapore