Singapore’s banks have been told to tighten customer data verification processes following the recent SingHealth cyber attack, by which personal data of 1.5 million people was illegally accessed and stolen.
According to the notice sent to all financial institutions in the country by the Monetary Authority of Singapore (MAS), the banks should no longer rely only on the traditional types of personal information such as name, NRIC number, address, gender, race, and date of birth, for customer verification.
MAS says: “To address any risk that the information stolen from SingHealth may be used by fraudsters to impersonate customers and perform unauthorized financial transactions, MAS has directed financial institutions to tighten their customer verification process. Additional information must be used for verification before undertaking transactions for the customer. This may include, for instance, One-Time Password, PIN, biometrics, last transaction date or amount, etc.”
