Local banks move to prevent stolen card details from being added to e-wallets

A new mobile banking app feature will allow DBS and POSB card holders to control who can add their cards to mobile phone wallets from mid-May.

The move is part of the local banks' efforts to stop scammers from adding phished card details to their mobile wallets -- like Apple Pay and Google Pay -- for fraudulent spending, as such cases climb, said DBS on May 8.

Over 650 police reports were lodged in the last quarter of 2024, totting up to losses of at least $1.2 million, said DBS, citing police data.

With this launch, users will no longer be able to add card details to their device for contactless payment until they switch on the "mobile wallets" toggle in the DBS banking app.

The switch will be "off" by default. After turning it on, users have 10 minutes to add their card details before the switch automatically turns off again.

"By introducing the deliberate pause, we enable customers to be alert when performing transactions," said Mr Calvin Ong, DBS Singapore's head of consumer banking.

There are more than 6.5 million DBS and POSB debit and credit cards in circulation here.

Previously, anyone, including grifters, could add stolen card details to their phones if they had also phished the user's SMS one-time password (OTP).

This switch is the latest addition to the bank's raft of security control features in its app, including a money lock tool launched in 2023 that lets customers keep sums of money from being transferred digitally.

"Joint vigilance with our customers is essential to combating scams and we will continue to expand our suite of self-managed security features, as well as anti-scam educational resources and community events, to empower our customers to take control of their security," said Mr Ong.

Other banks are on it too.

UOB and OCBC are set to launch by July an in-app digital token authentication step for adding cards to mobile wallets, said spokesmen for the banks.

This retires the need for SMS OTPs, which are vulnerable to phishing.

Since 2023, OCBC has actively removed cards linked to multiple mobile wallets, when detected, said Mr Beaver Chua, the bank's head of anti-fraud, group financial crime compliance.

Those unfamiliar with mobile wallets can call the ScamShield Helpline (1799) for assistance.

Source: Straits Times © Singapore Press Holdings Ltd. Permission required for reproduction.

Simplicity is needed to untangle insurer Income’s Gordian knot (UAT 1) ADV: This is a test UAT sponsored link 2