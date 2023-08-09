SINGAPORE — To counter malware scams, banks here are rolling out a “stronger security feature” where phone users will not be able to use their mobile banking applications or log in to their internet banking accounts temporarily if their devices have other apps downloaded outside of official app stores.

In doing so, the banks do not monitor customers’ phone activity, nor conduct surveillance on their mobile phones, director of the Association of Banks in Singapore (ABS) Ong Ai Boon said on Tuesday (Aug 8).

She was responding to queries from TODAY after some customers of OCBC Bank reacted negatively to such a feature, citing inconvenience and questioning if the bank is being “high-handed” or can monitor users' activities on their phones.

These customers had taken to OCBC's Facebook page as well as on online platforms such as Reddit to voice their unhappiness since the bank rolled out the feature on Saturday.

In a Facebook post on Sunday, OCBC said that its customers will not be able to log in to its internet banking or digital app if they do not uninstall apps downloaded outside of official app stores from their phones.

They will be required to download and reinstall the apps only from official app stores to continue using the bank's digital services.

TODAY understands that other banks, apart from OCBC, will be rolling out the security feature, and has reached out to DBS Bank and United Overseas Bank for comment.

Reiterating an explanation by OCBC on Sunday, Mrs Ong said: “ABS would like to assure all banking customers that this security feature does not collect nor store any personal data.

“The technology detects higher risk behaviours which are characteristic of known malware activities when the banking apps are opened. It does not identify the owner of the mobile phone.”

She added that banks here have been working closely with government and law enforcement authorities to fight malware scams, which are deemed “particularly aggressive” and pose a serious threat to consumers.

“Together with the authorities, we have been reminding members of the public of the dangers of downloading apps from unauthorised sources that can lead to malware being installed on their mobile phones.

“In general, consumers who do not take the necessary precautions will be expected to bear the losses arising from malware scams,” said Mrs Ong.

A Monetary Authority of Singapore (MAS) spokesman said on Tuesday night that it strongly supports banks' moves to bolster the security of digital banking in the wake of malware-related scams, which an increasing number of customers have fallen prey to.

“OCBC’s latest security feature aims to address the dangers of downloading applications from unauthorised sources, as these may contain malware,” said the spokesman.

“It is in the nature of new innovations that they may cause unintended inconveniences. MAS will work with the banks to learn from these experiences and continually enhance their security features.”

Mr Beaver Chua, head of anti-fraud at OCBC group financial crime compliance, told TODAY that the security feature to filter out “bad apps” is mandated by MAS.

He cited recent cases of malware scams such as Central Providend Fund accounts being remotely accessed by scammers, resulting in money being withdrawn.

When asked about the conditions the feature takes into account when filtering the apps, he said he cannot go into specifics. In general, it looks at:

whether the apps are downloaded from official app stores

the risk settings of the apps, such as whether they carry certain risks or unwanted permissions

whether the apps can be remotely accessed, giving scammers control

Addressing claims by netizens that some legitimate apps such as Microsoft Authenticator are being identified as risky, Mr Chua said that these apps are usually downloaded directly from websites, and not app stores.

“Since we rolled out the Android security feature on Aug 5, we have not received any malware scam reports from customers who have updated their app, and therefore have this new feature.

“This is in contrast to before Aug 5, where we usually receive at least one malware scam report from our customers a day,” said Mr Chua, who added that the feature also recognises app stores from other brands such as Oppo and Huawei.

Customers who face issues may proceed to OCBC branches for assistance or call the bank's customer service hotline at 1800-363-3333, added Mr Chua.

Mrs Ong said that in implementing new security measures to protect customers, banks will strike a balance between security and convenience.

“We seek the understanding of consumers as scammers are deploying increasingly sophisticated tactics,” she added.

The MAS spokesman said that while security measures will come with “some measure of added inconvenience” for customers, they are necessary to maintain security of and confidence in digital banking.

“Coupled with a vigilant and discerning public, robust security measures will help us strengthen our defence against scams.”