Singapore officials said on Monday that the country will next month deliver a consultation paper detailing a split liabiilty scheme that means consumers and banks are both on the hook after financial loss flowing from scams.

It is an answer to a common question these days: in a world of rampant payment and transfer scams, who is responsible?

Countries like Australia have also considered shared loss schemes. Meanwhile, the European Commission has proposed a “refund” to victims of certain types of fraud, including authorized push payment scams.

Starting next year, the UK will begin mandatory reimbursement by banks to scam victims up to one million pounds, with the sending and receiving bank sharing the bill.

Singapore's minister of state Alvin Tan has a different view.

“There are some views that banks can easily absorb losses arising from individual scam cases. However, full restitution without due consideration of culpability is neither fair nor desirable,” he toold Parliament on Monday.

A draft of a Singapore's shared responsibility framework was originally intended to be complete in the first half of 2023. Tan said on Monday the process had taken longer than the government would like but version detailing responses to phishing scams should be completed next month.

Singaporean authorities first floated a a shared liabiilty strategy in February 2022 after threat actors stole a combined SG$13.7 million ($10.2M) from around 800 customers of a single bank by spoofing text messages.

At first, Oversea-Chinese Banking Corporation (OCBC) offered "goodwill" payments to a paltry 6.4 per cent of victims, but after Monetary Authority of Singapore (MAS) threatened action, it changed its tune said it would issue "full goodwill payouts" to all victims.

The sheer magnitude of the required payout left the city-state to rethink it’s anti-scam measures.

Then minister of finance, now deputy prime minister, Lawrence Wong said in the future, customers and banks would have a shared responsibility for any losses in order to prevent a "weaken[ed] incentive to be vigilant" on the part of the customer.

The MAS currently requires banks to secure digital systems, including with multi-factor authentication for online purchase. Banks are also required to send alerts for some transactions and have been given guidance on handling and investigating disputes. Those efforts are supervised by MAS. But all the efforts prove no match for motivated social engineers.

“In scam cases, banks must consider if they have fulfilled their obligations, and whether the victim had acted responsibly. Customers who practised good cyber hygiene and were diligent in preventing their login information and OTPs from being divulged to third parties, should not have to bear losses,” said Tan.

In its current process, customers that are unhappy can pursue the case in court, and those that are not can agree to the terms and conditions associated with any payout.

The resulting agreements usually mean financial disappointment and signing a nondisclosure agreement, which many victims do begrudgingly, pointed out parliament member Sylvia Lim.

Lim advocated for a system similar to that of the UK, to give consumers more confidence in their transactions. ®

https://www.theregister.com//2023/09/20/singapore_phishing_split_fraud/