MAS proposes guidelines to protect e-payment users

SINGAPORE - An electronics payment user could be liable for up to S$100 for an unauthorised transaction if he or she was negligent. There will be no liability if the user took proper care of the account, but if he or she is found to be reckless, the total amount will be borne by the user.

These are among the guidelines proposed by the Monetary Authority of Singapore (MAS) to protect users and encourage wider adoption of e-payments. A public consultation on the proposals was launched on Tuesday (Feb 13), and will end on March 16.

The guidelines, which are expected to be developed and published by the first half of this year, focus on individuals and micro-enterprises (companies with 10 or fewer employees, or revenues of less than S$1 million), and set the standards on the responsibilities of financial institutions and e-payment users, said the MAS.

They also provide help on how financial institutions and protected account holders can resolve unauthorised payment transactions and payments sent to the wrong party. These include examples on how the financial institutions should protect an account holder, such as providing a free reporting channel, adequate transaction notifications and the opportunity to confirm payment.

Protected accounts are those that allow for e-payment transactions, and are held in the name of an individual or micro-enterprise. The accounts can have a balance of more than S$500, or they can be a credit facility. They are operated by a bank, credit card company, finance company or stored value facility such as Nets.

The guidelines also spell out how much an account holder is liable for losses arising from unauthorised transactions.

For example, in a situation where the account holder was involved in an unauthorised transaction as a contributor, but if the act was not due to recklessness, the account holder will be liable for a loss of up to S$100. In the event of an unauthorised transaction, the account owner is not liable for any loss if he or she has taken full care of the account, and is not a contributor to the loss of monies in it, said the MAS.

If the sender makes an e-payment to the wrong person, MAS said both the payer and the recipient’s financial institutions should make “reasonable efforts” to recover the monies within the proposed timeline. The financial institution will have to inform the recipient that “wrongful retention” of the money is a criminal offence.

Financial institutiions should also provide sufficient transaction notifications to allow an account holder to properly monitor his protected account, said the MAS.

For example, they should send the account holder a consolidated list of all the transactions made to or from the protected account at least once a day. The notifications should be sent to the account holder’s phone number via SMS or email, and should contain detailed information of the transaction, such as the transaction amount, and merchant’s trading name.

Credit card transactions made on any e-payment platforms such as digital banking, Apple Pay or PayNow are covered by the guidelines, provided the credit cards are issued by a responsible financial institution.

For payment gateways such as PayPal, the stored value facility function is not covered by the guidelines, but credit card-linked transactions made through PayPal will be considered. In the case of an unauthorised transaction with such payment gateways, the consumer should contact the issuer of the credit card to resolve the issue.

Stored value facilities like PayPal are not covered as those that hold a float of below S$30 million are currently not required under the Payment Systems (Oversight) Act to seek approval from MAS to hold such funds.

EZLink cards are also not covered by the guidelines as they are cannot be topped up to above S$500.

The guidelines provide “general guidance” and are not intended to be comprehensive, nor replace or override any legislative provisions, said MAS.

MAS deputy managing director Jacqueline Loh said: “MAS hopes that these guidelines will help to make e-payments simpler and more secure, and give individuals and micro-enterprises more confidence to adopt and integrate e-payments into their daily activities.”

Banks and payment networks here that TODAY contacted welcomed the proposals.

A DBS spokesman said: “The protection guidelines will provide more clarity and assurance to consumers using e-payment options. This will also encourage more consumers to adopt e-payments as digital payment options become ubiquitous in Singapore.”

DBS has had “money safe guarantee” coverage since 2010 to protect customers against unauthorised transactions, the spokesman added.

He also said that the bank is seeing a growing number of transactions for PayNow, which allows inter-bank transfers using just mobile numbers or personal identity numbers, The bank’s mobile wallet app, PayLah!, has close to 800,000 users.

Nets Group chief executive officer Jeffrey Goh said the guidelines are “a timely and important step to enable wider adoption of new e-payment methods”.

He added: “Our experience in driving e-payments in Singapore over the past three decades has shown that security is a key consideration for consumers in choosing to use e-payments. Consumers are more willing to adopt e-payments if they trust the institution providing the service and we believe the guidelines provide greater assurance to consumers.”

In November last year, the MAS released a separate publication consultation paper on a payment services Bill which ended last month. The Bill categorises activities along the financial services value chain into seven groups of services: Account issuance, domestic money transfer, remittance, merchant acquisition, electronic-money issuance, virtual currency, and money-changing.

The MAS said on Tuesday that when the Bill commences, it also intends to make the guidelines applicable to payment services licensees that issue payment accounts.

Licensees will be regulated “according to the activities they conduct, because different activities pose different risks”, said MAS managing director Ravi Menon last November.

WHAT THE GUIDELINES WILL/WILL NOT COVER

RECKLESSNESS AND LIABILITY
- “Recklessness” from an e-payments user occurs when there is an unauthorised transaction and the user deliberately does not fulfil his or her duty by reporting the situation to the financial institution by the next business day after receiving the notification.
- The main card holder or the main account owner will be responsible for all losses arising from reckless actions from account users such as supplementary card holders, even in a situation where the supplementary card holder defrauds the account holder or the bank.
- If a customer loses the credit card, and an unauthorised transaction occurs for an e-payment, reckless behaviour will be considered if the user deliberately did not take care of the card.

NEGLIGENCE
- For example, if a user accidentally misplaces his or her phone which has e-payment functions, and an unauthorised transaction occurs, the user is liable for a maximum of S$100.
- If a customer loses the credit card due to theft or misplacement of the card, and an unauthorised transaction occurs for an e-payment, negligence will be considered.

NO LOSSES
- If the account user has a payment transaction executed before receiving an authentication device or access code, the user will not be liable for losses incurred.
- If the user was defrauded with unauthorised transactions by a merchant that the user had previously purchased goods or services from, the user is not liable as well.

PAYMENTS SENT TO THE WRONG PARTY
- For accidental payments to other users, customers can work with the sending and receiving banks to have the funds returned.

SCAMS
- Payment transactions arising from scams are not covered in the guidelines. The user will be liable to pay for actual losses for an unauthorised transaction in instances where he or she had consented to the transaction and was scammed. As the transaction is not considered “unauthorised,” the user is not covered.