As a further step to guard against rising scam cases, Singapore’s three local banks will soon allow their customers to set aside and “lock up” a certain amount of funds that cannot be transferred out of one’s account digitally.
DBS, OCBC and UOB told CNA that they will be rolling out their own versions of a “money lock” by next month.
The concept of a “money lock” has been studied by the banking industry to guard against rising scam cases, said Minister of State for Trade and Industry Alvin Tan in parliament last month.
Such a feature will allow banking customers to set aside a certain amount in their accounts that “cannot be digitally transferred out without strict authentication measures”.
“This will further help to limit losses against scams,” he said in response to an adjournment motion on measures to protect banking customers against scams.
In a press release on Oct 6, DBS announced the upcoming roll-out of a new banking account – called digiVault – that will adopt a “digitally in, only physically out” approach.
This means that customers will be able to transfer funds digitally into this new account, but will not be able to make outgoing transactions digitally.
Because customers’ funds cannot be accessed digitally, the new digiVault will help to prevent scammers who gain unauthorised access to customers’ phones and accounts from performing fraudulent digital transactions, DBS said.
The bank added that funds in the upcoming digiVault account – set to be launched by the end of November – will only be accessible when customers verify their identities.
One such way is to have customers visit a bank branch with their proof of identity, such as an IC or passport. In addition to in-person verification at bank branches, DBS is exploring other options which will be announced next month.
“digiVault is akin to a virtual safe deposit box in a vault,” said the bank’s Singapore country head Han Kwee Juan. “The funds in the account are locked away and will give our customers peace of mind that it cannot be accessed digitally.”
UOB and OCBC to announce similar features
In response to CNA’s queries, the other two local banks said similar moves are on the way.
OCBC said it will implement a “money lock” feature – which allows customers to “ringfence an amount from their account balances that cannot be digitally transferred out” – on its banking app by end-November.
When rolled out, a “cross-channel authorisation measure” will be needed to “unlock” the ringfenced funds, said Beaver Chua, head of anti-fraud at the bank’s group financial crime compliance.
For example, a customer will have to perform the unlocking function on a platform other than the app, such as at an OCBC ATM.
OCBC said a “robust and secure measure to unlock the ringfenced funds” must be in place amid the prevalence of scams, but such moves “may inevitably introduce friction in banking”.
“As with any security measure, and listening (to) our customers’ feedback, we will always endeavour to achieve the right balance between protecting our customers, and customer experience,” Chua said.
Over at UOB, the bank will also roll out its own version of a “money lock” by November after studying the concept closely.
“We believe that the money lock can be an effective tool to limit risk exposure online as it is able to ringfence a portion of funds as designated by the customer from digital transfers or intrusion,” said the bank’s head of group compliance Daniel Ng.
Step-up in security measures against scams
This comes on the heels of a recent step-up in scam-preventive security measures by banks in Singapore. At least four have rolled out greater controls that restrict user access to their apps in a bid to nullify the threat of malware-enabled scams.
OCBC was the first to do so in August, with its security feature preventing Android users from accessing the bank’s digital services on their phones if potentially risky apps downloaded from unofficial portals – otherwise known as sideloaded apps – are detected.
Access will also be blocked if apps downloaded from an official app store are detected to contain a “risky setting”, such as remote control screen sharing that enables a user to remotely control another device. That said, most apps downloaded from official app stores do not contain such risky remote control or accessibility settings, said Chua while replying to separate queries from CNA about the security measures.
Citibank’s security update, released in mid-September, restricts users’ access if it detects risky permission settings on other apps or tools. Such settings include screen sharing or mirroring on other apps or tools.
“Any screen-sharing or mirroring functions in an app” that is detected while the bank’s mobile app is being used will trigger the security feature, said Nilesh Kumar, the bank’s head of digital channels and experience in Singapore.
“Users can simply turn off the screen-sharing (or) mirroring functions in these apps when using the Citi Mobile App to avoid triggering the security feature, without having to uninstall these apps,” he added.
Recently, DBS and UOB announced their set of security measures that similarly deny access to their digital services if users’ phones contain apps from unverified app stores. Detection of ongoing screen-sharing by apps on customers’ mobile phones will also trigger restricted access for both banks.
The banks have stressed that the latest security features do not monitor customers’ phone activities, nor do they collect or store any personal data.
For instance, DBS said its anti-malware tool “does not access users’ phone content, but instead detects the behavioural characteristics of known malware that is confirmed by SPF (Singapore Police Force) or sideloaded apps”. – CNA