Banks, insurers and other financial institutions (FIs) will have to implement more stringent ways of verifying customers' identity in non-face-to-face situations such as phone or online banking.
In a consultation paper published on Tuesday, the Monetary Authority of Singapore (MAS) said that FIs must not rely solely on information that is often provided by individuals such as NRIC number, residential address and date of birth to verify an individual’s identity, before undertaking any transactions or acting on any instructions.
This move aims to address the risks arising from the theft and misuse of an individual’s personal particulars. MAS noted the rise globally of cyber attacks, such as data theft, scams and phishing.
«In Singapore, there have been several notable incidents where massive amounts of personal particulars were illegally accessed, stolen and used to commit fraudulent transactions,» MAS said in the draft notice, which is open for comments until December 9.
Boosting Consumer Confidence
Under the proposed notice, it will be mandatory for FIs to use one of the following for verification: password or PIN, a cryptographic identification device or token, biometric information that uniquely identifies the individual, or information (such as account transaction information) that is only known to the individual.
«The proposed Notice will further bolster consumer confidence in financial institutions by making these identity verification practices compulsory during non-face-to-face financial transactions. Consumers should also play their part by not disclosing their online banking login credentials such as account username, PIN number and one-time password,» Tan Yeow Seng, MAS chief cyber security officer, said in a statement.
