MAS sets out e-payment guidelines for banks, consumers

Singapore

MAJOR retail banks offering mobile payments options here will effectively have about six months to ensure proper notification of e-payment transactions by their customers, as the regulator moves to set standards for consumer rights in this space.

To spur a wider adoption of e-payments in Singapore, the Monetary Authority of Singapore (MAS) on Tuesday outlined the liabilities held by these customers in the event of unauthorised transactions, and set out the banks' responsibilities in notifying customers of e-payment transactions so that account holders can keep track of digital fund flows.

MAS said banks should offer transaction notifications so that account holders can monitor their accounts.

At the minimum, the banks should send account holders an SMS or e-mail of all e-payments in and out of either their bank accounts or mobile wallets holding credit cards, once a day. The information should identify the recipient, and each transaction's amount, date, and time.

It plans to publish the guidelines in the first half of this year. The proposed guidelines came after Singapore launched PayNow, a free service offered by seven retail banks that enables mobile fund transfers through the recipient's mobile phone number or NRIC number. Since the launch in July, more than a million users have registered with PayNow.

Banks have also offered their own version of mobile payments. But broadly, the standards on notification have differed. BT understands that some retail banks have flagged the cost constraints and the necessity in sending multiple SMSes.

The proposed guidelines would apply to both individuals and small business owners, defined as "micro-enterprises" that either hire fewer than 10 staff, or make less than S$1 million in annual turnover.

Account holders who were careful in protecting their accounts would not be liable for any unauthorised transactions, MAS said. This would typically mean such customers used strong passwords and tucked them away, as well as updated IT security patches regularly.

Consumers or small businesses found to be careless but not reckless in contributing to unauthorised transactions that are being disputed, would be liable for up to S$100. Such account users might have misplaced a mobile phone or have accidentally given away passwords.

But if banks can prove that reckless behaviour by customers led to the unauthorised transactions, consumers would then be liable for the actual loss.

When a "fat finger" transaction has occurred - that is, when a payment is made to a wrong person by accident - customers can work with the sending and receiving banks to have the funds returned in about a week's time.

A DBS spokesman said the bank is supportive of these new measures as the protection guidelines will provide more clarity and assurance to consumers using e-payment options. DBS PayLah! is used by some 800,000 users. Since 2010, Singapore's largest bank has also offered a "Money Safe Guarantee" that protects against unauthorised transactions. DBS will repay the money taken from customers' account due to an unauthorised transaction. But similar to the terms of the MAS proposal, the guarantee is only applicable if customers have been vigilant about their digital security.

The proposed guidelines mainly apply to e-payment options offered by banks and NETS now. Once the new Payment Services Bill is passed into law, mobile wallets operators that have an average daily e-money float of more than S$5 million a year would have to be licensed by MAS, and would have to adhere to these new guidelines. Other mobile wallets out in the market include GrabPay.

The proposed guidelines are not mandatory, but MAS can turn them into law in future if necessary.

The guidelines would not apply to scams such as phishing. Such cases would be referred to the police, with the fraudsters prosecuted under law.

MAS is seeking public feedback on the guidelines until March 16.

READ MORE: Behind the human error that crashed NETS