Consumers and small businesses wary of e-payments due to fears of unauthorised transactions through their bank accounts can soon be assured of no liability as long as they keep the account details secure, new guidelines proposed on Tuesday (Feb 13) showed.
The Monetary Authority of Singapore (MAS) outlined the liabilities held by these customers in the event of unauthorised mobile transactions, and set out the banks' responsibilities in notifying customers of e-payment transactions so that account holders can keep track of digital fund flows.
The guidelines will apply to both individuals and small business owners, defined as "micro-enterprises" that either hire fewer than 10 staff, or make less than S$1 million in annual turnover.
The guidelines come after Singapore launched PayNow, a free service offered by seven retail banks that enables mobile fund transfers through the recipient's mobile phone number or NRIC number. Since the scheme was launched in July, more than a million users have registered with PayNow.
Account holders who were careful in protecting their accounts would not be liable for any unauthorised transactions, MAS said. This would typically mean such customers used strong passwords and tucked them away, as well as installed the security patches regularly released by tech-product makers.
Consumers or small businesses found to be careless but not reckless in contributing to unauthorised transactions that are being disputed, will be liable for up to S$100. Such account users may have misplaced a mobile phone or have accidentally given away passwords.
But if banks can prove that reckless behaviour by customers led to the unauthorised transactions, consumers would then be liable for the actual loss.
When a "fat finger" transaction has occurred - that is, when a payment is made to a wrong person by accident - customers can work with the sending and receiving banks to have the funds returned in about a week's time.
MAS said banks should offer transaction notifications so that account holders can monitor their accounts. At the minimum, the banks should send account holders an SMS or e-mail of the consolidated list of all the e-payments in and out of bank accounts, at least once a day. The information should identify the recipient, as well as each transaction's amount, date, and time.
The proposed guidelines are not mandatory, but MAS has the power to make these guidelines enforceable under law.
The guidelines will also not apply to scams such as phishing. Such cases are referred to the police, with the fraudsters prosecuted under law.
In a media statement, MAS deputy managing director Jacqueline Loh said: "MAS hopes that these guidelines will help to make e-payments simpler and more secure, and give individuals and micro-enterprises more confidence to adopt and integrate e-payments into their daily activities."
MAS is seeking public feedback on the guidelines until March 16. It plans to publish the guidelines in the first half of this year.