The Monetary Authority of Singapore (MAS) has published a consultation paper to roll out the most suitable ways needed to verify a client’s identity while in-person meetings cannot happen.
The regulator said the measure stems from a rise in impersonation scams and additional processes are required to avoid such risks.
Under the proposed notice, it would be mandatory for firms to use at least one of four methods of verification.
- Password or PIN only known to the individual;
- One-time password generated by a hardware or software available to the individual;
- Biometric information, such as face or fingerprint recognition; and/or,
- Information only known to the client and the firm, such as account-related data.
Extra layers of security
The MAS’ draft measure would also prohibit firms from using a national registration identity card (NRIC) number, residential address and date of birth as the only means of verification.
Tan Yeow Seng, chief cyber security officer at MAS, said: “Personal information such as NRIC number and date of birth are often provided by members of public for various purposes, such as filling in an application form.
“This information, if fallen into the wrong hands, can be used for impersonation fraud. Financial institutions already have in place these identity verification practices.
“The proposed notice will further bolster consumer confidence in financial institutions by making these identity verification practices compulsory during non-face-to-face financial transactions.
“Consumers should also play their part by not disclosing their online banking login credentials such as account username, PIN number and one-time password.”