Source of article: The Business Times

In summary:

The public consultation paper jointly published by the Monetary Authority of Singapore and the Infocom Media Development Authority to provide a shared responsibility framework (“SRF”) for financial institutions (“FIs”), telcos and consumers to address a burgeoning problem of phishing scam losses, is to be applauded.

The “water-fall” structure under the SRF is fair and equitable as unlike consumers, FIs and telcos have the financial resources and capabilities to bear the “heavy-lifting” for the prevention and disruption of phishing scams.

Phishing scams are presently the dominant threat and the root of increasing public disquiet that may undermine the integrity of Singapore’s digital banking and payments systems. The SRF seeks to address the genesis of a burgeoning problem that could potentially ruin public confidence in Singapore’s digital banking and payments system.

Other scams such as love scams, hacking, identity thefts and other malware scams are mutating and morphing world-wide. It would be premature at this juncture to institutionalise a clear framework to adequately and systematically address the growing multitude of malware-enabled variants that cannot be contained by industry stakeholders within Singapore’s jurisdiction.

As in the implementation of all new regulatory compliance requirements, the devil lies in the details. FIs and telcos have their institutional responsibilities under the SRF cut out for them. The “Iron-Dome” shields expected of FIs and telcos to detect and prevent phishing scams would certainly require continuous fine-tuning and refinement to combat the evolving sophistication of the creators of such scams. The SRF may inadvertently raise public expectations on the reliability of the systems and technological capabilities of the FIs and telcos. Any system-failure or malfunctioning on the part of the FI or telco in a phishing scam may invoke a cathartic response and raise a wide-spread ire of the public to start naming and blaming.

The proposed SRF should not be perceived as an immutable concrete set of solutions to address a dynamic and mutating problem. Constant refinement to augment and strengthen an industry-wide approach to combat phishing scams must continue to evolve to keep pace with the increasing sophistication and creativeness of the perpetrators of cyber-crime. The importance of continuous consumers’ education on the threat of devious and creative phishing scams and the need for consumers’ constant vigilance cannot be over-emphasised.

I thank the Singapore Business Times for the opportunity to share my views on the consultation paper in the attached story published on 27 October 2023.

My post on LinkedIn is here