Tuesday, July 24, 2018

MAS directs financial institutions to tighten customer verification process

The Monetary Authority of Singapore (MAS) has issued a circular to all financial institutions, directing them to tighten their customer verification processes. 
This follows the recent cyber attack at SingHealth where personal information of 1.5 million individuals was illegally accessed and stolen.

For access to online financial services, banks in Singapore are already required to put in place two-factor authentication (e.g. PIN and One-Time-Password) at login to identify their customers. Banks are also required to implement an additional layer of control to authorise high-risk transactions.

Financial institutions also have in place robust measures to verify customer identity. Personal information (name, NRIC number, address, date of birth, etc) is generally not used as the sole means of verification by financial institutions as these are often freely given out by members of the public for various purposes, such as when filling out lucky draw coupons or surveys.

However, to address any risk that the information stolen from SingHealth may be used by fraudsters to impersonate customers and perform unauthorised financial transactions, MAS has directed financial institutions to tighten their customer verification processes. Specifically, with immediate effect, all financial institutions should not rely solely on the types of information stolen (name, NRIC number, address, gender, race, and date of birth) for customer verification. Additional information must be used for verification before undertaking transactions for the customer. This may include, for instance, One-Time Password, PIN, biometrics, last transaction date or amount, etc.

MAS has also directed all financial institutions to conduct a risk assessment of the impact of the SingHealth incident on their existing control measures for financial services offered to customers, including transaction and inquiry functions. Financial institutions are to take immediate steps to mitigate any risks that might arise from the misuse of the compromised information.  MAS will engage financial institutions on their risk assessments and mitigation steps.

Mr Tan Yeow Seng, MAS’ Chief Cyber Security Officer said, “MAS will work closely with the financial institutions to ensure that robust cyber defences are in place so that customers can carry out online financial transactions with confidence. But customers must also play their part.  They must safeguard their passwords and practise good cyber hygiene.  If they suspect any fraudulent transactions in their accounts, they should notify their banks immediately.”

Consumers can refer to the Gosafeonline webpage for cybersecurity tips and the SingCERT webpage for alerts and advisories on cybersecurity issues.


6 comments:

  1. Remarkable article, it is particularly useful! I quietly began in this, and I'm becoming more acquainted with it better! Delights, keep doing more and extra impressive! financial news for today

    ReplyDelete
  2. You have a real talent for writing unique content. I like how you think and the way you express your views in this article. I am impressed by your writing style a lot. Thanks for making my experience more beautiful. KETQUAMOINHAT

    ReplyDelete
  3. This the Vapehouse Dubai Providing business consultant service in UAE (United Arab Emirates) on Top Vapstore. Vapehousedubai is the largest vap store in Dubai offer origianl vap, vap device kits and more at reasonable price with fastest delivery. So you are Welcome to vapehousedubai.com, UAE’s largest online vape store. Being a premium supplier of vape products allows us to deliver products to you at the lowest price. for more details here : Vape shop in dubai

    ReplyDelete
  4. Thank you so much as you have been willing to share information with us. We will forever admire all you have done here because you have made my work as easy as ABC. 파워사다리 사이트

    ReplyDelete
  5. I found your this post while searching for some related information on blog search...Its a good post..keep posting and update the information. csgo competitive ranks

    ReplyDelete
  6. Thanks for sharing such interesting and marvellous content with us.

    Tractor Price

    ReplyDelete