Singapore To Tighten Banking Security
Several weeks after the rash of unauthorized withdrawals that saw DBS Bank lose over S$1 million to ATM skimmers, the Monetary Authority of Singapore (MAS) declared that it is working with the financial institutions in Singapore to safeguard their systems and operating capability.
The EMV card, a global standard for payment cards, made more secure because account information is stored on the chip. (Image: Gemalto)
Mr Tharman Shanmugaratnam, Deputy Prime Minister and Chairman of MAS said all banks must act promptly to any reported breach and make sure the problems are resolved and should never happen again.
Following the recent incident, the Association of Banks in Singapore announced, in January 2012, that the industry will adopt the EMV standard in ATM cards to address the risk of card skimming. Its implementation will require infrastructure changes to the ATM networks, and will take two years for completion.
EMV stands for Europay, MasterCard and Visa. It is a global standard for payment cards based on chip card technology.
While waiting for the new changes, Singapore banks are securing customer accounts by disabling overseas withdrawals — unless the customer requests for access when they travel. Customers now get SMS alerts for cash withdrawals that reach a pre-defined limit. DBS Bank replaced all the ATM cards affected in the skimming incident, and this will be a standard response in future incidents. Customers who are at risk of exposure to skimming will also get new cards.
MAS encouraged Singapore banks to beef up their surveillance and security systems, and to implement all the necessary changes as soon as possible. MAS acknowledged the severity of the problem and said it lookd at several options before deciding on EMV.
The industry has also evaluated various options, including biometrics to upgrade the overall security architecture of ATM systems… The timeline to move away from magnetic stripe is in line with those in other developed jurisdictions such as Australia and countries in the European Union.
DBS bank enacted new security measures last January, such as disabling of ATM card usage overseas, SMS alerts for suspicious overseas transactions and SMS alerts for local withdrawals and payments above a certain threshold. DBS also sent out new cards for customers affected by the January and February skimming incidents, as well as to customers who were at risk.
Three suspects were taken in for investigation last January, but no other suspects were reported for the February incident which saw $23,000 (US$ 18,348) taken from DBS customer accounts. DBS announced that a third ATM machine was compromised along with the two ATMs in Bugis, as reported earlier.
The EMV chip is already included in most of the ATM cards issued in Singapore, and merchants use the EMV system for payments. ATM technology has lagged in this area because majority of the machines in the island state still access account information from the magnetic strip at the back of every card.
While waiting for the ATMs to get upgraded, the onus is on every account holder to be vigilant.