MAS Proposes New Identity Verification Process As Impersonation, Banking and Finance Scams Increase



[ad_1]

Tue, November 10, 2020 – 11:26 am

SOON, Financial Institutions (FIs) may no longer be able to rely on common personal information such as NRIC number, residential address, and date of birth as the sole means of identity verification.

This comes as the Monetary Authority of Singapore (MAS) issued a consultation paper on the types of information required for non-face-to-face verification of an individual’s identity on Tuesday, amid growing cases of impersonation scams.

With the consultation, MAS aims to address the risks arising from the theft and misuse of a person’s personal data.

In regards to telephone or online banking, it is proposed that FIs will need to use at least one of the following types of information for remote verification before conducting any transaction or request from an individual:

a) information that only the person knows, such as password or PIN;

b) information that only the person has, such as a one-time password generated by a hardware token issued to the person or a software token activated on the person’s mobile device;

c) information that uniquely identifies the person, based on the person’s biometrics, such as facial or fingerprint recognition; Y

d) information that is only known between the individual and financial institutions, such as account transaction information.

On the rationale for this measure, Tan Yeow Seng, MAS cybersecurity director, noted that members of the public often provide personal information such as the NRIC number and date of birth for various purposes, such as filling out an application form. .

“This information, if it falls into the wrong hands, can be used for spoofing fraud,” he said.

While many FIs have already implemented these identity verification practices, the proposed notice will further strengthen consumer confidence in FIs by making these identity verification practices mandatory during non-face-to-face financial transactions, he added. So.

Along the same lines, MAS’s Cyber ​​Security Advisory Panel also urged FIs on Tuesday to review their security controls, given the elevated technology-related risks stemming from remote work in the aftermath of the Covid-19 pandemic. .

It unveiled several key recommendations on improving cybersecurity for FIs at the fourth annual panel meeting with MAS management on November 5, 2020.

A key recommendation from the panel was the need for FIs to review cyber risk profiles to see if they have changed amid the rapid adoption of remote access technologies and work processes. This is to ensure that proper controls are in place to mitigate any new risks.

With the increased reliance on external providers, the panel also emphasized that FIs need to intensify their oversight of these counterparties and monitor and secure third-party remote access to FI systems.

Another key recommendation was that FIs strengthen governance over the use of open source software (OSS). This occurs when vulnerabilities in OSS are “typically attacked and exploited by threat actors,” and the panel recommended that FIs establish policies and procedures on the use of OSS to ensure these codes are reviewed and tested prior to implementation.

Ravi Menon, MAS Managing Director, said Singapore’s financial sector has “done well so far” in its cyber and operational resilience amid the new operating environment created by the pandemic.

“But as the situation drags on, that resilience will come under increased stress as cyber attackers search for new vulnerabilities,” said Menon, who chaired the meeting. “Financial institutions must remain vigilant and agile and strengthen their defenses against emerging cyber threats.”



[ad_2]