MAS tells financial institutions to tighten customer verification processes

[SINGAPORE] The Monetary Authority of Singapore (MAS) has urged financial institutions here to strengthen their customer verification processes.

It issued a statement on Tuesday (July 24) in the wake of the country's worst cyber attack when the personal data of 1.5 million SingHealth patients was stolen between June 27 and July 4.

The MAS said it recognises that banks already use two-factor authentication processes to identify their customers, and that financial institutions have robust processes in place.

However, it said they should no longer rely solely on the types of information that was stolen during the cyber attack: names, IC numbers, addresses, gender, race, and dates of birth.

It recommended that they verify customers with additional information before undertaking transactions, such as one-time passwords, pin numbers or biometrics.

The MAS also asked all financial institutions to conduct a risk assessment on the impact of the SingHealth attack on the services they provide to consumers.

They should immediately take steps to reduce the risks that could arise thanks to the stolen information.

The authority said it will work with institutions on their risk assessments and mitigation steps.

Its chief cyber security officer Tan Yeow Seng said:"MAS will work closely with the financial institutions to ensure that robust cyber defences are in place so that customers can carry out online financial transactions with confidence. But customers must also play their part. They must safeguard their passwords and practise good 'cyber hygiene'.

"If they suspect any fraudulent transactions in their accounts, they should notify their banks immediately."

THE STRAITS TIMES