Banks in Singapore Must Take Steps to Protect Customers from Online Fraud
Banks in Singapore are being required to take steps to help protect customers from online fraud. The new measures require that the banks provide customers with a kill switch that lets them suspend their accounts in the event of a breach. They also have to improve their fraud surveillance systems. Customers are being urged to use mobile banking aps instead of visiting bank sites in browsers.
Many of the steps required earlier are remedial measures to get up to common practice levels of fraud reduction. The self-service kill switch in place of a phone call seems likely to have unintended consequences of driving calls up when hit accidentally. The move to more use of mobile banking apps reinforces the importance of the mobile telecom service providers and cell phone vendors stepping up the pace of pushing out security updates to all devices, and for Apple and Google to reduce the quantity of fraudulent or “leaky” apps that make it into the Apple App Store and Google Play.
This is an interesting option, there will be some user training as all parties also learn when not to use this feature. Too often legitimate transactions are mistaken for fraud when the supporting details are inaccurate or truncated, such as POS systems still including test or outdated information in their name. Note the user is expected to call the help desk or use an ATM to initiate the lock. Increased functionality in mobile applications is welcome, don't overlook weaknesses in the web interface, APIs or other entry points needed to support online users. Make sure users can equally access supporting details for transactions from all provided entry points.