Reply to Parliamentary Question on Unauthorised Bank Transactions
QUESTION NO 1307
NOTICE PAPER 514 OF 2021
FOR ORAL ANSWER
Date: For Parliament Sitting on 26 July 2021
Name and Constituency of Member of Parliament
Ms Yeo Wan Ling, MP, Pasir Ris-Punggol GRC
To ask the Prime Minister (a) in the last six months, whether there is an increase in successful bank-related cyber scams or unauthorised bank transactions involving victims not divulging their OTPs, IDs or passwords to scammers; (b) who bears the financial loss when the unauthorised transaction is not due to the banks’ lapses or non-compliance with MAS rules and the consumer has not given his login information to a third party; and (c) whether victims who suffer financial loss can be given financial help during the period of investigation and recovery.
Answer by Mr Lawrence Wong, Deputy Chairman of MAS and Minister for Finance, on behalf of Mr Tharman Shanmugaratnam, Senior Minister and Minister in charge of MAS:
1. Generally, consumers who have suffered financial losses from fraudulent transactions are protected as long as they have acted responsibly.
2. For online card transactions, if a merchant has not adopted a system which requires consumers to authorise transactions using one-time passwords (“OTPs”), a consumer will not be liable for an unauthorised transaction. For lost or stolen cards, a consumer’s liability is capped at $100 for lost or stolen cards, provided he/she has not been careless and has reported the loss promptly.
3. Likewise, for non-card e-payments, consumers who have practised proper cyber hygiene and have not been negligent will not be liable for any losses arising from unauthorised transactions that do not exceed $1,000. For unauthorised transactions exceeding this limit, financial institutions will investigate further on the root cause of the issue before liability is established. Where the unauthorised transaction arose because of lapses or non-compliance with MAS’ rules by the financial institution, the consumer will not be liable.
4. The question raised by Ms Yeo pertains to a situation where neither the consumer nor the financial institution is at fault. Specifically, the consumer has not given out his credentials to a scammer, and there were no lapses or non-compliance on the part of the financial institution. Between Sep 2020 and Feb 2021, the Singapore Police Force (SPF) received a total of 89 reports of fraudulent card transactions performed with SMS OTPs, where victims claimed that they neither performed the transactions nor received any SMS OTPs to authorise the transactions. While these cases represent less than 0.1% of fraudulent online card transactions reported, and the number of cases has come down since Mar 2021, it is nonetheless concerning.
5. SPF and the Infocomm Media Development Authority (IMDA) are investigating these cases. MAS has however asked financial institutions to step up vigilance towards such fraud. Financial institutions have put in place additional measures, such as rejecting card payments made to common merchants previously linked to the unauthorised transactions, or placing limits on the transaction amounts that consumers can transact with such merchants.
6. MAS also expects financial institutions to ensure that consumers are treated fairly whilst investigations are ongoing. For instance, banks have waived finance charges and late fees on the outstanding amounts, or offered temporary goodwill credits on the consumers’ credit cards in the interim. For those who wish to settle on the issue, banks may also offer partial waiver of the disputed amounts, taking into consideration individual circumstances, such as financial hardship, and whether there were indicators of negligence by the consumers.
7. MAS is working with the industry to review the existing framework to provide greater clarity on the responsibilities and liabilities of consumers and financial institutions in the case of fraudulent payment transactions. The review will include the scenario where neither the consumer nor the financial institution was remiss in allowing the fraud to occur. The framework should provide a balance of incentives for all parties to do their part in preventing fraudulent transactions, while ensuring that consumers who are not at fault are protected.