The Monetary Authority of Singapore (MAS) has issued a consultation paper that details the types of information required for non-face-to-face verification of an individual’s identity.
The paper, which was released on Nov 10, comes amid the rise of impersonation cases. The proposed requirements also seek to address the risks arising from theft and the misuse of an individual’s personal particulars.
Under the proposed notice, financial institutions now have to use an individual’s password or PIN, one-time password generated by a hardware or software token, account transaction information or face or fingerprint recognition before it conducts any transaction request from an individual.
Moving forward, information such as NRIC number, residential address and date of birth will not be used as the sole means of identity verification.
“Personal information such as NRIC number and date of birth are often provided by members of public for various purposes, such as filling in an application form. This information, if fallen into the wrong hands, can be used for impersonation fraud,” says Tan Yeow Seng, chief cyber security officer at MAS.
“Financial institutions already have in place these identity verification practices. The proposed Notice will further bolster consumer confidence in financial institutions by making these identity verification practices compulsory during non- face-to-face financial transactions. Consumers should also play their part by not disclosing their online banking login credentials such as account username, PIN number and one-time password,” Tan adds.
See Also: MAS bans former insurance agent and former bank employee for fraud and dishonest conduct
On the same day, MAS’s Cyber Security Advisory Panel (CSAP) stressed the need for financial institutions to review their security controls.
The news comes amid the heightened technology-related risks arising from working remote and safe management measures due to the Covid-19 pandemic.
Key recommendations from the CSAP, released at its fourth annual meeting with MAS’s management on Nov 5 include maintaining oversight of third-party vendors and their controls.
The CSAP also advised MAS to assess risk profiles and review their risk-mitigating measures, as well as strengthening governance over the use of open-source software.
Ravi Menon, MAS’s Managing Director who chaired the CSAP meeting, said, “Singapore’s financial sector has done well so far in its cyber and operational resilience amid the new operating environment created by the pandemic. But as the situation prolongs, that resilience will come under greater stress as cyber attackers look for new vulnerabilities”.
“Financial institutions must remain alert and nimble and strengthen their defences against emerging cyber threats. CSAP members have provided useful recommendations on maintaining cyber security against the backdrop of growing reliance on remote working arrangements and cloud service providers,” he adds.