Cyber-security firm Acronis’ chief information security officer, Mr Kevin Reed, said the steps introduced by MAS and ABS help to minimise risks by removing some weak points, such as links in SMSes, and improve the response time and process of detecting fraudulent activities.
“It’s good to have extra measures implemented, but it’s simply not enough – the attacks can still continue at this point. Some of them – like the cooling-off period, more frequent education alerts – can work if implemented correctly, while others may not have the desired effect,” he noted.
These changes must be well explained to customers. Otherwise, the change can cause confusion and temporarily open up even more new opportunities for attackers, Mr Reed said, adding that close collaboration between telecoms providers and banks is crucial to complicate the work of attackers and reduce the chances of customer accounts being compromised.
Mr Leow Kim Hock, Asia chief executive of cyber-security services provider Wizlynx Group, stressed that while these measures are good to restore public confidence, given the recent spate of the scams, the key is to educate customers, especially since the technology that scammers use is constantly evolving.
The banks could look at assessing users before they are qualified to use digital banking services, similar to how customers have to undergo a customer knowledge assessment before they wish to invest in specified investment products, he said.