1. When a financial institution is accountable
A case study included in the discussion paper describes a scenario in which a customer clicked on a phishing email and entered his account information on spoofed websites posing as financial institutions.
The con artist then set up a digital token and took control of the customer's accounts without his knowledge, using the account credentials and OTPs provided.
Because of a program error, the financial institution did not impose the 12-hour cooling-off period during which high-risk activities cannot be carried out. As a result, within the 12 hours following the activation of the new digital token, the con artist was able to raise the customer's online transaction limit from S$5,000 to S$10,000, which is a high-risk activity.
The customer had seen the warning alerts informing him of the new digital token's activation and the increase in the transaction limit, but he did not act on any of them. The con artist then emptied the customer's account, making several transactions totaling S$10,000 each.
Because it failed to fulfill its obligation to impose a 12-hour cooling-off period, the financial institution in this case bears the complete loss. This is true even though the customer ignored the warning notifications that were sent to him and failed to exercise due diligence when he clicked through to a phishing website.
2. When a telco is accountable
In another case study, a customer was asked to restore his Digibank login using a link in an SMS sent to him with the Sender ID "DBS Bank".
In reality, this SMS was a hoax sent by an international organization using the alias DBS. The telco did not block this SMS.
After receiving the SMS, the customer entered his account information on the malicious website. Five FAST transactions totaling S$10,000 to another local account were then started using his account credentials, including OTPs.
The financial institution sent SMS notifications for each transaction. This indicates that the financial institution did not make any mistakes, but the telco neglected to stop the unverified SMS. The telco will cover all of the losses in this scenario.
3. When a customer is responsible
In this instance, a con artist posing as a financial institution sent the customer a phishing email with information about an alluring product.
To buy the item, the customer clicked on the link and entered his account information and OTPs on a fictitious website.
The con artist then used the account credentials, including OTPs, to start three FAST transactions of S$1,000, S$2,000 and S$3,000 to another local account.
Because the customer had previously adjusted his transaction alert threshold to S$1,500, transaction notifications were sent only for the FAST transactions of S$2,000 and S$3,000. In this instance, the financial institution is not responsible for failing to send a notification for the S$1,000 transaction.
Telcos do not take part in this assessment of losses because the customer received the link to the spoofed website via email rather than SMS.
In this case, the customer is responsible for 100% of the loss.