Lawrence Wong Says Bank Should Have Responded More Robustly To OCBC Phishing Scam
Online scams have become more common in Singapore lately. But most notable was the OCBC scam in Dec 2021, where nearly 800 customers fell prey to a phishing attack.
On Tuesday (15 Feb), Finance Minister Lawrence Wong noted that the scam was not a cyberattack and the bank’s system was not breached.
However, he said that OCBC should have “responded faster and more robustly” the moment it detected signs of the SMS phishing scam.
Moving forward, Minister Wong expressed that banks can and should do more to safeguard customers.
Lawrence Wong says OCBC should have reacted faster to the scam
Over the course of December, almost 800 OCBC customers fell victim to a scam, which led to losses amounting to $13.7 million.
Minister Wong said that this was “by far the most serious phishing scam” involving spoofed SMSes impersonating banks in Singapore.
Speaking in Parliament on Tuesday (15 Feb), Minister Wong said that the scam was not a cyberattack.
He stressed that at no point in time was the bank’s systems breached.
Nonetheless, he said that OCBC should have responded “faster and more robustly” when they first detected signs of the SMS phishing scam in early Dec.
Minister Wong added that throughout the month, OCBC had tried to stem the phishing scam.
The bank first warned about the scam messages through advisories on its website. They later SMSed and emailed customers about the spoofed messages.
During this time, OCBC also took various precautions such as working with authorities to take down scam sites and stop sending SMSes with clickable links.
Despite their efforts, Minister Wong said they could have reacted faster as they had only informed the Monetary Authority of Singapore (MAS) about the scam on 24 Dec.
By this time, OCBC’s call centre was overwhelmed, leading to affected customers facing delays in reporting the scams.
OCBC reviewing anti-scam processes
Since then, OCBC has apologised for falling short of expectations in customer service, reported Channel NewsAsia (CNA).
The bank is also giving “full goodwill payouts” to affected customers to cover their losses.
Over 90% of affected customers have now received these payouts. The remaining reimbursements will reportedly be completed soon.
OCBC has also engaged an independent external party to review its anti-scam processes. This includes fraud surveillance, incident management, and customer service.
They would also be recommending necessary actions to improve their processes.
Minister Wong shared that MAS will be reviewing these findings and supervising the bank as well as its implementation of these measures.
Actions have been taken in light of OCBC scam
In the 3rd quarter of 2021, MAS had done a “focused supervisory review” of fraud control adequacy in 3 local banks.
The banks then committed to a timeline to remedy gaps found in online banking channels upon MAS’ recommendations.
However, the December OCBC scam forced them to fast-track some of these measures.
One such example is MAS’ urgent announcement of the removal of all clickable links in SMSes or emails to customers.
This is necessary to improve the security of digital banking against scammers who employ similar tactics.
Banks can & should do more
Although precautions have been taken, Minister Wong emphasised that banks “can and should do more to safeguard their customers”.
He then laid out 5 key measures that are being considered:
- strengthen fraud surveillance capabilities to identify suspicious transactions
- step up ability to immediately block suspicious transactions and verify authenticity
- introduce additional customer confirmations of high-risk transactions or account changes
- expand use of biometric technology on top of passwords and OTPs
- accelerate shift towards mobile banking apps for customer authentication, transaction authorisation, and delivery of bank notifications
These measures, if implemented well, will make it more challenging for scammers to abuse mobile banking apps.
Minister Wong shared that MAS and banks are also reviewing the use of SMSes to deliver OTPs and how to improve it.
A wake-up call for both institutions & customers
Although things were resolved for customers who had fallen prey to the OCBC scam with the payout they received, Minister Wong said this is a one-time event.
In future, both customers and banks will have shared responsibility for the losses. Authorities are currently looking into establishing a common and equitable framework for this across all banks.
These recent scams have been a wake-up call to both financial institutions and customers alike.
With greater precautionary measures and awareness of scams, hopefully, we will see fewer of such incidents in the future.
Have news you must share? Get in touch with us via email at email@example.com.