MAS orders financial institutions to tighten verification processes in wake of SingHealth cyberattack

MAS orders financial institutions to tighten verification processes in wake of SingHealth cyberattack

Stanislaus Jude Chan
25/07/18, 12:10 am

SINGAPORE (July 24): The Monetary Authority of Singapore (MAS) has ordered banks and other financial institutions to tighten their customer verification processes.

The circular to all financial institutions comes in the wake of a cyberattack at SingHealth, which saw personal information of 1.5 million individuals – including Prime Minister Lee Hsien Loong – illegally accessed and stolen.

Singapore's worst cyberattack 'not work of casual hackers, criminal gangs'

With immediate effect, MAS has directed all financial institutions not to rely solely on the types of information stolen – such as name, NRIC number, address, gender, race, and date of birth – for customer verification in accessing online financial services.

Instead, MAS says additional information must be used for verification before undertaking transactions for the customer. This may include the use of One-Time Password, PIN, biometrics, and last transaction date or amount.

These measures are to address any risk that the information stolen from SingHealth may be used by fraudsters to impersonate customers and perform unauthorised financial transactions.

In addition, MAS has directed all financial institutions to conduct a risk assessment of the impact of the SingHealth incident on their existing control measures for financial services offered to customers, including transaction and inquiry functions.

Financial institutions are to take immediate steps to mitigate any risks that might arise from the misuse of the compromised information. MAS says it will engage financial institutions on their risk assessments and mitigation steps.

“MAS will work closely with the financial institutions to ensure that robust cyber defences are in place so that customers can carry out online financial transactions with confidence,” says Tan Yeow Seng, MAS’ Chief Cyber Security Officer.

The tightened customer verification processes will be added on top of two-factor authentication at login that banks are already required to put in place to identify their customers for access to online financial services.

Banks are also required to implement an additional layer of control to authorise high-risk transactions, such as opening of beneficial accounts, registration of third party payee details, and revision of funds transfer limits.

“But customers must also play their part. They must safeguard their passwords and practise good cyber hygiene. If they suspect any fraudulent transactions in their accounts, they should notify their banks immediately,” Tan adds.

Don't demonise China but neither be its vassal state: Ho Kwon Ping

SINGAPORE (Apr 23): The current United States and China trade tensions, businessman Ho Kwon Ping thinks, is not about a trade war but about a paradigm shift towards China becoming a major global player who does not want to play by Western rules. Ho says: “The Current US-China tensions are not only not about the trade war, it is not even about geopolitical or geo-economic rivalry. It is about an entire paradigm shift in civilisational relationships which has not happened for the last 200 to 300 years ever since the ascendancy of Western civilisation to become the dominant civilisation in t....

UOB Kay Hian remains positive as SPH turns to student accommodation to arrest flagging media business

SINGAPORE (Apr 23): Despite continued weakness in its core media business, UOB Kay Hian is staying positive on Singapore Press Holdings (SPH) on the back of its foray into the student accommodation segment. SPH last week announced it has acquired a portfolio of three purpose-built student accommodation (PBSA) assets in the UK for £134 million ($237 million). See: SPH expands UK student dorm portfolio with $237 mil acquisition The assets span three cities in the UK – Southampton, Sheffield and Leads – and has a total capacity of 1,243 beds, bringing SPH’s total portfolio to over....

Ascott transforms digital ecosystem to support expansion

SINGAPORE (Apr 23): The Ascott Limited, CapitaLand’s wholly-owned lodging business unit, is embarking on a digital ecosystem transformation to support its expanding global lodging portfolio. The company aims to drive revenue growth, improve operational efficiency and enhance value to its customers and business partners through a comprehensive front-to-backend systems makeover. As part of its digital transformation, Ascott has launched the Ascott Star Rewards, the world’s first loyalty programme in the serviced residence industry to offer full flexibility to earn and redeem points. It....