Parliamentary Replies
Published Date: 06 February 2018

Reply to Parliamentary Question on the security of cashless transactions and contingency plans for network breakdowns and power failures

QUESTION NO 749

NOTICE PAPER 1042 OF 2018

FOR WRITTEN ANSWER

Date: For Parliament Sitting on 5 February 2018

Name and Constituency of Member of Parliament

Ms Joan Pereira, MP, Tanjong Pagar GRC

Question:

To ask the Prime Minister (a) what are the measures in place to ensure all cashless transactions originating in Singapore are encrypted and secure; and (b) what are the contingency plans in place in the event of network breakdowns and power failures.

Answer by Mr Tharman Shanmugaratnam, Deputy Prime Minister and Minister in charge of MAS:

1. MAS takes seriously the security of electronic payment transactions. Encryption is one of the safeguards against cyber threats and fraud concerning e-payments, but not the only one needed. The specific measures that payment service providers must put in place depend on the risks associated with different e-payment modes, and they include:

a. Strong authentication such as the use of biometrics or dynamic passcodes to verify customers’ identity and to authorise electronic payment transactions;
b. Encryption to protect sensitive information against unauthorised access during data storage and transmission;
c. Fraud monitoring to facilitate timely detection and blocking of suspicious transactions;
d. Transaction notification via SMS or Email to alert customers when transactions exceed a specific threshold or when unusual payment behaviours are observed.

2. The contingency plans that have to be put in place for a network breakdown or power failures, will depend on how each system is designed and the criticality of the service provided. FIs are required by MAS to have plans, such as back-up power supply or an alternate telecommunications service provider, to ensure continuity of service during disruptions.

3. MAS conducts periodic reviews of FIs to assess the adequacy of controls to manage technology and business continuity risks.

***