Singapore bank OCBC has agreed to reimburse S$8.5 million ($6.3 million) to 469 customers who fell for an SMS phishing scam in December.
It is a generous move, but perhaps a surprising one; scammers impersonating banks are rife in Singapore – though the scammers themselves are generally overseas – and it is not a bank’s fault if a customer is duped.
Now the industry is trying to work out if a precedent has been set.
The scam was nothing special: an SMS message claiming a customer had an issue with their bank account and providing a link to resolve the problem. If clicked, the customer would then be asked for their bank login details.
Long-term, paying out every time a customer clicks on a bogus link seems unsustainable
“The payouts to this group of customers are made on goodwill basis after thorough verification, taking into account the circumstances of each case,” OCBC said in a statement on January 17.
DBS and UOB customers are routinely targeted by similar scams. We approached both banks for their views.
DBS said: “When a customer falls prey to a scam, we have dedicated resources in place to act swiftly and assist them. Every scam is different and needs to be investigated to determine the facts. We do make goodwill offers”, taking into account the scam and the circumstances.
And UOB said: “In the event of UOB customers falling victim to scams, we will proactively review the case and will work with each of them on a case-by-case basis. We have been and will continue to be flexible in dealing with scam cases and may make goodwill offers”, depending on circumstances.
Regulators
Long-term, paying out every time a customer clicks on a bogus link seems unsustainable, and OCBC’s largesse, just before the Chinese New Year holidays, is an act of benevolence that might not be universally applied.
Also in January, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) announced new measures to improve the security of digital banking services, including the removal of clickable links in SMSs sent to customers.
The MAS is conducting a review of fraud-surveillance mechanisms at the banks and deciding how to apportion liability in fraudulent online transactions. All three banks say they are working with the regulator to establish an answer to a vexing question: where do bank responsibilities lie towards hoodwinked customers?