Banks to roll out Singpass face verification as part of digital token set-up process

Customers who do not have a Singpass account may register for one and download the Singpass app before setting up their digital token. PHOTO: VIVIAN BALAKRISHNAN/FACEBOOK
Ian Cheng
Correspondent
Updated
 
Sep 18, 2024, 09:56 PM
Published
 
Sep 18, 2024, 01:35 PM

SINGAPORE – Bank customers will soon need to use Singpass face verification (SFV) to verify their identities when setting up their digital tokens, in a bid to better protect them against scams.

Major retail banks in Singapore will progressively implement this over the next three months, said the Association of Banks in Singapore (ABS) and Monetary Authority of Singapore (MAS) in a joint statement on Sept 18. The move will make it more difficult for scammers to take over a customer’s digital token by setting it up on their own devices using phished credentials such as an SMS, one-time passwords (OTPs) and bank card information, said ABS and MAS.

A digital token authenticates logins and transactions on a mobile banking app, generating push notifications seeking banking users’ approval – in a process known as second-factor authentication – before an online transaction goes through.

SFV, which will complement existing authentication measures, will be triggered in higher-risk scenarios – then a face scan will verify a customer’s identity against national records before the customer’s digital token is activated for use.

Customers who do not have a Singpass account may register for one and download the Singpass app before setting up their digital token.

“Singpass face verification gives customers increased protection against unauthorised access to their bank accounts, adding to the suite of measures and tools that banks have provided customers to empower them to guard themselves against scams,” said ABS director Ong-Ang Ai Boon.

Other initiatives and self-help tools include the phasing out of OTPs for bank account login by digital token users and the money lock feature, through which customers can “lock up” specified amounts of their funds that cannot be accessed digitally.

“While banks will continue to do their part to fight scams, customers need to be vigilant themselves and practise good cyber hygiene,” said Mrs Ong-Ang.

MAS’ assistant managing director for policy, payments and financial crime Loo Siew Yee said that the authority would continue to work closely with banks on measures to protect customers against scams.

“We urge consumers to maintain vigilance and avoid falling prey to scams by keeping updated on the latest scam tactics, practising good cyber hygiene and making use of money lock,” said Ms Loo.

Singpass Face Verification makes it more difficult for scammers to take over a customer’s digital token, said the Association of Banks in Singapore and Monetary Authority of Singapore. PHOTO: ST READER

In a statement on Sept 18, both UOB and DBS Bank said they support the move by ABS and MAS, and will implement the measure on their respective banking apps from October. OCBC Bank told The Straits Times it would roll out the security feature by November.

A UOB spokesperson said that customers should be aware that scammers are constantly changing their methods, and anti-scam measures are not foolproof. “Our customers remain the singular most effective defence, so it is critical for them to always exercise vigilance and caution to safeguard themselves in this ever-evolving threat landscape.”

A DBS spokesperson said that more than a million DBS and POSB customers have used its security features to protect themselves from scams, such as locking their funds up in digiVault. The spokesperson added that the bank has also been intensifying its anti-scam education efforts to raise public awareness of the latest scams and fraud, such as expanding its digital literacy and anti-scam workshops to more neighbourhoods.

An OCBC spokesperson said that customers may “experience some friction” while setting up their digital tokens when its security measures are rolled out.

“However, with the scourge of scams and their ever-evolving modus operandi still prevalent, these enhancements are much-needed safeguards to prevent scammers from quickly gaining access to customers’ accounts and stealing their monies,” said the spokesperson.

The SFV feature was made available to all Singpass users accessing government digital services in December 2020. It is currently used for verification purposes in processes such as the increasing of daily CPF withdrawal limits.

In the first six months of 2024, scam victims in Singapore lost a record high of over $385.6 million, with the number of cases increasing by 16.3 per cent when compared with the same period in 2023.

In 86 per cent of the cases, the scammers did not gain control of the victims’ accounts but had manipulated them into transferring money to the criminals.

Although those aged 65 and above made up only 7.2 per cent of scam victims, the police are particularly concerned for this group, as they could lose their life savings and are unlikely to recover financially from it.

Join ST's WhatsApp Channel and get the latest news and must-reads.