S’pore banks to remove clickable links in SMSes & add more stringent measures within next 2 weeks


The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) have introduced a set of additional security measures for banks in Singapore and they will take effect within the next two weeks.

The measures include:

  • Removal of clickable links in emails or SMSes sent to retail customers
  • Threshold for funds transfer transaction notifications to customers to be set by default at S$100 or lower
  • Delay of at least 12 hours before activation of a new soft token on a mobile device
  • Notification to existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address
  • Additional safeguards, such as a cooling-off period before implementation for requests to key account changes such as in a customer’s key contact details
  • Dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis
  • More frequent scam education alerts

This after the recent spate of SMS-phishing scams targeting bank customers. Some 470 OCBC customers lost at least S$8.5 million to SMS phishing scams last month. OCBC announced to day that it would cover the losses suffered by its customers in full.

Managing Director of MAS Mr Ravi Menon said: “MAS is deeply concerned about the recent spate of scams and the financial losses suffered by victims. The threat of scams will not go away, but we can reduce our vulnerabilities. This requires a multi-pronged response across the ecosystem. MAS, together with the Police, IMDA and other relevant government agencies, is working closely with the financial industry, the telco industry, consumer groups, and other stakeholders to strengthen our collective resilience against scam attacks. We will ensure that digital banking remains secure, efficient, and trusted.”

Here’s a PSA

While these measures provide an additional layer of security, customers must remain vigilant as scammers are quick to adapt in targeting unsuspecting consumers.

To avoid falling for online banking scams, please do the following:

  • Never click on links provided in SMSes or emails;
  • Never divulge internet banking credentials or passwords to anyone;
  • Verify SMSes or emails received by calling the bank directly on the hotline listed on its official website;
  • Verify that you are at the bank’s official website before making any transactions, or transact through the bank’s official mobile application; and
  • Closely monitor transaction notifications so that any unauthorised payments are
    reported as soon as possible to increase the chances of recovery

Cover image credit: Google Streetview