The Monetary Authority of Singapore (MAS) issued a consultation paper on the types of information required for non-face-to-face verification of an individual’s identity or better known as eKYC by the industry. These proposed requirements come against the backdrop of rising impersonation scam cases, and seek to address the risks arising from theft and misuse of an individual’s personal particulars.
In the new proposed requirement, it would be mandatory for banks to use one of the following type of information for non face to face verification; passwords or PIN, biometrics, token generated password, or information only known between the bank and customer such as transaction information.
The proposed Notice will also prohibit financial institutions from relying on common personal information such as NRIC number, residential address and date of birth as the sole means of identity verification.
Mr Tan Yeow Seng, Chief Cyber Security Officer, MAS, said,
“Personal information such as NRIC number and date of birth are often provided by members of public for various purposes, such as filling in an application form. This information, if fallen into the wrong hands, can be used for impersonation fraud.
Financial institutions already have in place these identity verification practices. The proposed Notice will further bolster consumer confidence in financial institutions by making these identity verification practices compulsory during non-face-to-face financial transactions. Consumers should also play their part by not disclosing their online banking login credentials such as account username, PIN number and one-time password.”
The consultation paper is available on MAS’ website
Featured image: MAS