UOB, DBS roll out new anti-malware app features in fight against scams
Michelle Zhu
UOB and DBS are introducing new security features to their banking apps in a move to prevent their users from falling prey to malware-enabled scams.
On Tuesday (Sep 26), the two banking giants said that the new measures will be rolled out progressively from September, with UOB’s to start from Sep 27.
Both stressed that the new anti-malware features do not monitor customers’ phone activities, nor collect or store any personal data.
One common feature of the UOB TMRW and DBS/POSB digibank apps will be the restriction of customer access in the event of any ongoing screen-sharing or screen-mirroring activities.
UOB said that this prevents app users from sharing their mobile screens with scammers unknowingly, as it may allow the scammers to take control of their devices and compromise their banking information.
If apps with “risky permissions settings” are detected on UOB TMRW app users’ devices, the users will also be restricted from their accounts until such apps are uninstalled, or their accessibility permissions are turned off.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
“These apps with risky permissions settings can be exploited by scammers to compromise customers’ mobile devices and banking apps,” said UOB’s head of group compliance Daniel Ng. “These features are necessary for enhanced security to mitigate the risks and protect customers (from) malware scams. We also seek our customers’ understanding that deployment of the features may lead to some inconvenience.”
Similarly, DBS/POSB customers will not be able to access their accounts upon the digibank app’s detection of malware, malicious applications, or unverified applications with accessibility permissions enabled.
DBS is also introducing a “Security Checkup” dashboard to its digibank apps, such that customers may view and track their security settings within the app, and take the recommended actions to protect themselves from being scammed or defrauded.
DBS said that this dashboard serves to “inculcate in customers the habit of regularly reviewing their security settings”.
“We recognise that certain measures may add some friction to the customer journey and seek their understanding that (the measures) are necessary to ensure that they can perform digital transactions on a secured platform with peace of mind,” said Han Kwee Juan, DBS’ Singapore country head. “As we intensify efforts to protect our customers, we are also empowering them to take proactive steps in safeguarding themselves through our self-managed security features… We believe heightened vigilance is crucial in our combined efforts to combat scams and fraud.”
Malware, which is short for malicious software, includes viruses, spyware and keyloggers. Such software may be used to gain access to and infect device systems to steal information such as banking login credentials and SMS OTPs (one-time passwords).
The two lenders’ new app security features follow the Association of Banks in Singapore’s (ABS) announcement earlier this month that major retail banks in Singapore have enhanced their security measures to protect customers from malware scams.
ABS director Ong-Ang Ai Boon said that such measures “will not be foolproof”, and that “the best defence against scams is still a discerning and vigilant customer”.
The Singapore Police Force issued a Sep 20 advisory on a new variant of malware scams, where scammers would execute unauthorised transactions on their victims’ infected devices and initiate a factory reset after.
It noted that there were more than 750 cases of victims downloading the malware onto their phones within the first half of 2023 alone, resulting in losses of at least S$10 million.
Copyright SPH Media. All rights reserved.
