Citibank is doing something similarly too.

www.channelnewsasia.com

Citibank says restrictions to the Citi Mobile App will be lifted once the risky permission settings have been disabled.

Singapore banks’ new security feature to curb malware scams can halt mobile banking services on detecting 'unauthorised' apps

• Banks in Singapore are rolling out a “stronger security feature” to detect higher-risk behaviours linked to malware activities when banking apps are opened

• The feature temporarily disallows customers from using digital banking services if it detects apps downloaded from unofficial app stores on phones

• This move has drawn negative responses from some bank customers

• The Association of Banks in Singapore responded by saying that in having this feature, they do not monitor customers’ phone activity or conduct surveillance on their mobile phones

SINGAPORE — To counter malware scams, banks here are rolling out a “stronger security feature” where phone users will not be able to use their mobile banking applications or log in to their internet banking accounts temporarily if their devices have other apps downloaded outside of official app stores.

In doing so, the banks do not monitor customers’ phone activity or conduct surveillance on their mobile phones.

This was the response from Mrs Ong Ai Boon, director of the Association of Banks in Singapore (ABS), on Tuesday (Aug 8).

She was addressing queries from TODAY after some customers of OCBC bank reacted negatively to the new feature. They said that it was an inconvenience and questioned if the bank is being “high-handed” or can monitor users' activities on their phones.

These customers had gone to OCBC's Facebook page as well as on online forums such as Reddit to voice their unhappiness since the bank rolled out the feature last Saturday. 

In a Facebook post on Sunday, OCBC said that its customers will not be able to log in to its internet banking or mobile app if they do not uninstall apps downloaded outside of official app stores from their phones.

They will be required to download and reinstall the apps only from official app stores to continue using the bank's digital services.

TODAY understands that other Singapore banks, apart from OCBC, will be rolling out the security feature, and has reached out to DBS and United Overseas Bank for comment.

Reiterating an explanation by OCBC on Sunday, Mrs Ong said: “ABS would like to assure all banking customers that this security feature does not collect or store any personal data.

“The technology detects higher-risk behaviours that are characteristic of known malware activities when the banking apps are opened. It does not identify the owner of the mobile phone.” 

She added that banks here have been working closely with government and law enforcement authorities to fight malware scams, which are deemed “particularly aggressive” and pose a serious threat to consumers.

“Together with the authorities, we have been reminding members of the public of the dangers of downloading apps from unauthorised sources that can lead to malware being installed on their mobile phones.

“In general, consumers who do not take the necessary precautions will be expected to bear the losses arising from malware scams,” Mrs Ong said.

The Monetary Authority of Singapore (MAS) said on Tuesday night that it strongly supports banks' moves to bolster the security of digital banking in the wake of malware-related scams, to which an increasing number of customers have fallen prey.

“OCBC’s latest security feature aims to address the dangers of downloading applications from unauthorised sources, as these may contain malware,” the central bank said.

“It is in the nature of new innovations that they may cause unintended inconveniences.

"MAS will work with the banks to learn from these experiences and continually enhance their security features.”

Mr Beaver Chua, head of anti-fraud at OCBC group financial crime compliance, told TODAY that the security feature was to help filter out “bad apps” that can make devices susceptible to security vulnerabilities.

He cited as examples recent cases of malware scams such as Central Provident Fund accounts being remotely accessed by scammers, resulting in money being withdrawn.

When asked about the conditions the feature takes into account when filtering the apps, he said that he cannot go into specifics.

In general, it looks at:

• whether the apps are downloaded from official app stores

• the risk settings of the apps, such as whether they carry certain risks or unwanted permissions

• whether the apps can be remotely accessed, giving scammers control

Addressing claims by online users that some legitimate apps such as Microsoft Authenticator are being identified as risky, Mr Chua said that these apps are usually downloaded directly from websites and not app stores.

“Since we rolled out the Android security feature on Aug 5, we have not received any malware scam reports from customers who have updated their app and therefore have this new feature.

“This is in contrast to before Aug 5, where we usually receive at least one malware scam report from our customers a day,” Mr Chua said, adding that the feature also recognises app stores from other mobile device brands such as Oppo and Huawei.

Customers who have problems with digital banking related to this may proceed to OCBC's bank branches for help or call the bank's customer service hotline at 1800-363-3333, Mr Chua advised.

Mrs Ong said that in putting up new security measures to protect customers, banks will strike a balance between security and convenience.

“We seek the understanding of consumers, as scammers are deploying increasingly sophisticated tactics,” she added.

MAS said that while security measures will come with “some measure of added inconvenience” for customers, they are necessary to maintain security of and confidence in digital banking.

“Coupled with a vigilant and discerning public, robust security measures will help us strengthen our defence against scams.”

In late 2021, OCBC was involved in a high-profile case where hundreds of phishing scams linked to its bank accounts caused victims to lose millions of dollars in total. Since then, the bank and the authorities have been bolstering security measures and improving communication to customers in order to counter scams and enhance digital banking services.  

https://www.todayonline.com/singapore/singapore-banks-new-security-feature-curb-malware-scams-can-halt-mobile-banking-services-detecting-unauthorised-apps-2228931

Looks like OCBC is getting from bad to worse *shakes head*

IN OCBC WE CLEARLY DO NOT TRUST.

Next iteration: Kindly uninstall all apps of competitor banks, else you will not be able to access the OCBC app on your phone ;)

Epic fail by OCBC tsk tsk

Dear OCBC,

Scan 就 scan, 没办法的。

As the saying goes, kiang jiu ho, mai geh kiang. Someone's head must roll for this unnecessary mess created.

Heng ah I use an iPhone

A round of applause for the Overseas Chinese Bank of Clowns for fucking up for the umpteenth time!

Let me venture a guess - it's the latest brainchild of this brainless nincompoop?

www.prolificskins.com

And yet folks wonder how the phishing scams could have arisen so effortlessly. Did you even fucking do some due diligence before hiring his ass eh OCBC???? https://www.ocbc.com/group/about-us/our-leadership#praveen-raina https://sg.linkedin.com/in/praveenraina

😡😡😡

Congrats OCBC, you succeeded big time in pissing your customers off again