The Monetary Authority of Singapore (MAS) has released a consultation paper on the various types of information needed during non-face-to-face identity verification of financial institutions’ customers.
The consultation comes amid an increase in impersonation scam cases, a statement from the regulator said. It also seeks to address the risks arising from theft and misuse of an individual’s personal data.
According to the proposal, financial institutions such as banks and insurers will be required to use at least one of the following types of information for non-face-to-face identity verification before it undertakes any transactions or requests from an individual:
- Information that only the individual knows, such as password or PIN;
- Information that only the individual has, such as one-time password generated by a hardware token issued to the individual or software token activated on the individual’s mobile device;
- Information that uniquely identifies the individual, based on the individual’s biometrics, such as face or fingerprint recognition; or
- Information that is only known between the individual and the financial institutions, such as account transaction information.
The proposal will also prohibit financial institutions from relying solely on common personal information such as NRIC number, residential address or date of birth, for identity verification.
“Personal information such as NRIC number and date of birth are often provided by members of public for various purposes, such as filling in an application form,” said Tan Yeow Seng, chief cyber security officer of MAS. “This information, if fallen into the wrong hands, can be used for impersonation fraud. Financial institutions already have in place these identity verification practices.
“The proposed notice will further bolster consumer confidence in financial institutions by making these identity verification practices compulsory during non-face-to-face financial transactions. Consumers should also play their part by not disclosing their online banking login credentials such as account username, PIN number and one-time password.”
The consultation paper is available on the MAS website, and comments from the public will be accepted until December 09.