As the banking industry constantly strives to make e-payments solutions simpler and more secure to use, The Monetary Authority of Singapore has issued the E-Payments User Protection Guidelines (“Guidelines”) which spells out the roles and responsibilities of banks and our customers when making e-payments.
Please be aware of your responsibility as an account holder and adopt safe banking measures to protect your bank accounts from unauthorised or erroneous transactions.
Please read the highlights of the guidelines below to understand the Bank’s as well as your rights and obligations as an account holder under the guidelines which will take effect on 30 June 2019.
What are my responsibilities in protecting my bank account?
- Practise good security hygiene by changing your online banking PIN/password periodically and do not share with anyone.
- Keep your* contact details (such as mobile number and email address) up to date with OCBC so that we can send you transaction alerts by SMS or email.
- Choose to receive transaction notifications for outgoing transactions.
- Monitor your* transaction alerts and account statements for any unauthorised and erroneous transactions.
* in the case of sole proprietors, the person appointed at point of application/maintenance
Do not:
- disclose your banking credentials such as Online Banking Access code, PIN or One-Time Password (OTP), Organisation ID, User ID or Password, credit/debit/ATM card details to any third party, for any purpose including to initiate or execute any payment transaction involving your account
- disclose your access code/password in a recognisable way on any payment account, authentication device, or any container for the payment account
- store or keep a record of your access code, PIN/Password, card details in a way that allows any third party to easily misuse them
- do not click on the weblinks in SMSes or emails to access our websites as these may be phishing attempts. Please always type our URL : https://www.ocbc.com/login (Individuals) or https://velocity.ocbc.com (Sole Proprietors) into the browser’s address bar or use our Mobile Banking/Business Mobile Banking apps.
Do:
- only download the OCBC Mobile Banking app or OCBC Business Mobile Banking app from the official app stores (Apple App store or Google Play Store)
- update your device’s browser to the latest version available
- patch your device’s operating systems with regular security updates provided by the operating system provider
- install and maintain the latest anti-virus software on your device
- change your PIN/password regularly.
- use strong password (such as a mixture of letters, numbers and symbols).
- do not use a PIN/password which can be easily guessed.
- check carefully the e-payment instruction and details of the recipient (such as name, account number, mobile number, email address or unique entity number) before executing or confirming any e-payment transaction.
- read carefully any notifications sent by the Bank. If you are asked to perform or authorise transactions that you are not aware of, do not do so.
- report to the Bank immediately if you notice any unauthorised/erroneous transaction.
What are my responsibilities in making e-payments?
- Provide accurate contact information for the Bank to send transaction notifications;
- Protect your login credentials and access to your protected accounts; login credentials include Login ID, access code, PIN/password, OTP or other credentials that are used to authenticate your identity;
- Enable and monitor transaction notifications and report unauthorised transactions as soon as possible;
- Provide information on unauthorised transactions as requested by the Bank to support investigations; and
- Make a police report if the Bank requests such a report to be made to facilitate claims investigation.
Transaction alert notifications
The default alert threshold for local ATM or debit/credit cards transaction is S$1,000. You may choose to change the threshold to your preferred setting. If you set it at a higher threshold than S$1,000, it will mean that you will not be notified of any transaction below S$1,000. This may have an impact on your liability for losses arising from unauthorised transactions.
For outgoing online banking e-payments, the Bank will send transaction alerts by SMS/Email/in-app notification, depending on your option setting, starting from S$0.01.
Where you have set thresholds for transaction notifications previously, those thresholds will continue to apply. Otherwise, the default threshold set by the Bank will apply.
Please refer to Question 7 below for the types of notifications available based on the Guidelines.
Unauthorised Transactions:
Someone used my account without my permission.
What should I do after discovering an unauthorised transaction?
- Should you become a victim of an unauthorised transaction, please inform us immediately. You can report to us by calling us at the following hotlines or visiting our branch during their opening hours.
For Individuals
1800 363 3333 or 6363 3333 if calling from overseas;
For Premier Banking customers
1800 773 6437 or 6530 5930 if calling from overseas;
For Sole Proprietors
+65 6538 1111
- Give full information of the unauthorised transaction such as payee details including bank name, payee name, account number, transaction date and time, amount, sender and your account details.
- Make a police report if you have encountered a fraud or scam. We may request that you file a police report to facilitate our investigation.
What will the Bank do after you report an unauthorised transaction?
After receiving the information required to facilitate the investigation, the Bank will complete an investigation of any relevant claim within 21 business days for straightforward cases or 45 business days for complex cases.
Complex cases may include cases where any party to the unauthorised transaction is residing overseas or where the Bank has not received sufficient information from you (as the account holder and in the case of sole proprietors, the person appointed at point of application/maintenance) to complete the investigation. The Bank will update you of the outcome of our investigation. If it has been assessed that you are not liable for any loss from the unauthorised transaction, the Bank will credit your account as soon as our assessment is complete.
Should you disagree with our assessment of liability, you may proceed with other forms of dispute resolution including mediation at FIDReC.
Please note that transactions arising from frauds or scams are not in scope within the Guidelines.
For erroneous/unauthorised transactions on credit cards, charge cards or debit cards, the dispute resolution process established under the respective card scheme will apply.
Erroneous Transactions: I have sent a wrong payment
What should I do after discovering an erroneous transaction?
- If you have sent an erroneous transaction, please inform us immediately. You can report to us by calling us at the following hotlines or visiting our branch during their opening hours.
For Individuals
1800 363 3333 or 6363 3333 if calling from overseas;
For Premier Banking customers
1800 773 6437 or 6530 5930 if calling from overseas;
For Sole Proprietors
+65 6538 1111
- Complete a GIRO/FAST/PAYNOW funds recall form or IFT/Telegraphic Transfer/MEPS funds recall form. You may be advised to file a police report.
- Give full information of the erroneous transaction such as recipient’s unique identifier, including account number, identification number, name or other credentials entered by you and the date, time, amount and purpose of the transaction.
What will the Bank do after you report an erroneous transaction?
The Bank will endeavour to assist to recall the funds from the recipient and update you of the outcome. Longer time may be taken for more complex cases.
Important Notes:
- The liability apportionment set out in the Guidelines do not apply to transactions on credit cards, charge cards and debit cards issued in Singapore. For transactions on credit cards, charge cards and debit cards issued in Singapore, the apportioning of liabilities is governed by the ABS Code of Consumer Banking Practice.
- Please note that the Guidelines do not apply to scams or frauds, which will be investigated by the police.
Learn more about phishing, malware, online security and how to protect yourself from fraud.
Frequently asked questions
On Guidelines
-
What are the E-payment User Protection Guidelines all about?
The Guidelines are issued by MAS to protect users of electronic payments. They aim to encourage wider adoption of e-payments in Singapore.
The Guidelines establish a common baseline protection that Financial Institutions will provide to individuals and sole proprietors from losses arising from unauthorised e-payment transactions from their protected accounts.
-
What is a protected account?
Protected accounts as defined in the Guidelines are those that:
- are held by either individuals or sole proprietors, including those held jointly by multiple account holders; and
- can hold a balance of more than S$500 or equivalent at any one time (Stored value facilities like EZ-Link card and NETS Cashcard are thus not covered by the Guidelines), or is a credit facility.
-
What e-payments do the Guidelines cover?
The guidelines cover all payments initiated through electronic means, and where funds are received through electronic means. These include online payments and transfers.
- How do the Guidelines protect me?
The Guidelines set out your responsibilities as an e-payment user to adopt good security practices. These include how you should protect your device, login credentials, access codes and protected accounts.
We will provide you with transaction notifications and a reporting channel so that you may be alerted of unauthorised transactions and report them should they happen.
We will investigate claims of unauthorised transactions, with the aim of achieving a fair and reasonable resolution.
Please note that the Guidelines do not apply to scams or frauds, which will be investigated by the police.
On Transaction notifications
- What are these transaction notifications for?
The notifications safeguard you against unauthorised and erroneous transactions. They are to alert you of such transactions so that you may report them to us for quicker resolution.
- What type of transactions will I be notified on?
Notifications will be sent by us for outgoing payments initiated through electronic means. These include online payments/transfers and debit/credit card transactions.
Some electronic transactions may not trigger notifications if they were not initiated or received through electronic means. Transactions initiated by us, such as credit card cashbacks, will not trigger notifications under the Guidelines.
The notifications you receive may also depend on your instructions to us. For instance, you may have instructed us that a notification be sent only for certain types of outgoing transactions or if a transaction is above a certain amount.
- What type of transactions will I be notified on based on the guidelines?
For Individuals:
| Types of SMS/Email Alerts | Default Enrolment Settings | Default Threshold |
|---|
| Top-ups and NETS purchases initiated via ATM card | Auto-enrolment | S$1,000.00 cumulative basis |
| Bill Payment and funds transfers initiated via ATM card | Auto-enrolment | S$1,000.00 |
| Online Banking payments and transfers | Auto-enrolment | S$0.01 |
| Debit/credit card transactions* | Auto-enrolment | S$1,000.00 |
Click here for other transaction alerts available.
For Sole Proprietors:
| Types of SMS/Email Alerts | Default Enrolment Settings | Default Threshold |
|---|
| Cashcard top-ups, funds transfer, Bill Payment and NETS purchases initiated via ATM card | As per indicated in the Corporate ATM SMS Alert setup/maintenance form | S$1,000.00 cumulative basis |
| Online Banking payments and transfers | Auto-enrolment for all online banking users based on contact details provided | S$0.01 |
Card transaction*
- Debit card transactions | Auto-enrolment based on the contact details provided in the Business Debit Card application | S$1,000.00 |
*Transactions initiated by the bank, such as credit card cashbacks, will not trigger notifications under the Guidelines.
Where you have set thresholds for transaction notifications previously, those thresholds will continue to apply. Otherwise, the default threshold set by us will apply.
-
How will these notifications be sent?
Notifications may be sent via any of these channels:
| Channels | Individuals | Sole Proprietors |
|---|
| SMS | Yes | Yes |
| Email | Yes | Yes |
In-app
(funds transfer within own accounts; bill payment) | Yes | NA |
- Do I need to enrol for these notifications?
You are automatically enrolled for notifications of outgoing transactions initiated through electronic means. This is applicable for new and existing customers (please refer to the default threshold limit set out in Question 7).
Please update us with your* latest mobile number or email address to ensure that you receive the notifications.
* in the case of sole proprietors, the person appointed at point of application/maintenance
- Will I be charged for this service?
This service is currently free.
- I am receiving too many notifications. How do I stop these notifications?
The notifications are a safeguard against unauthorised and erroneous transactions. There is a default threshold limit set for certain types of transactions (refer to Question 7 above). Based on your payment patterns, you may wish to adjust your notification thresholds so that you receive notifications that are most relevant to you. For instance, you may wish to be notified only if the transaction is above a certain amount.
-
What will happen to the existing notification thresholds that I have set previously?
Your existing notification thresholds will continue to apply and you may visit the notification settings to change it anytime.
- How do I customise the alert settings?
For Individuals:
You may choose to customise the alert settings via OCBC Online Banking.
For those alerts with selection of threshold limit available (such as ATM/card transactions), you can change the alert threshold to your preferred setting.
For more enquiries, please call 1800 363 3333 or visit any of our OCBC branches.
For Sole Proprietors:
- How do I update my mobile phone number?
To ensure you are kept informed of your account/transaction details, it is important for the bank to be updated with your current mobile phone number.
You may update your mobile phone number via the following methods:
For Individuals:
You may choose to customise the alert settings via the following methods:
For Sole Proprietors:
- What should I do if I receive a notification for a transaction that I do not recognise?
This could be an unauthorised transaction and you should inform the Bank immediately. Please provide the following information to us:
- The bank account affected;
- Your identification information;
- The type of authentication device, access code/login credentials and device used to perform the payment transaction;
- The name or identity of any account user;
- Whether the account number, authentication device, or access code/login credentials was lost, stolen or misused and if so,
- the date and time of the loss or misuse,
- the date and time that the loss or misuse, was reported to you, and
- the date, time and method that the loss or misuse, was reported to the police;
- any access code/login credentials that is applicable to the account,
- how the account holder or any account user recorded the access code/login credentials, and
- whether the account holder or any account user had disclosed the access code/login credentials to anyone.
Liability and reporting of erroneous/unauthorised transactions
- If I report an unauthorised or erroneous transaction to my bank, when can I expect a resolution?
We should complete an investigation of any relevant claim within 21 business days for straight forward cases, and up to 45 business days for complex cases.
For erroneous/unauthorised transactions on credit cards, charge cards or debit cards, the dispute resolution process established under the respective card scheme will apply.
- If I report an unauthorised transaction, am I still liable for the transaction?
You will not be liable for any loss that arises from any action or omission by us, if you have complied with your duties as an account holder. For losses due to any other independent third party other than you and us, subject to the below, you will also not be liable if the outgoing transaction value is within S$1,000.
You will, however, be liable if it is ascertained that the primary cause was recklessness on your part, such as failing to protect your access code/login credentials or access to your protected account. Your liability will be capped at the transaction limit or daily payment limit, where applicable.
In all cases, we will conduct an assessment to determine the appropriate liabilities and work towards a fair and reasonable resolution.
For transactions on credit cards, charge cards and debit cards issued in Singapore, the apportioning of liabilities is governed by the ABS Code of Consumer Banking Practice.
- What should I do if I receive erroneously sent funds?
Please inform us as soon as possible. You may be facilitating criminal activities, such as money laundering and unlicensed money lending, if you knowingly receive money from strangers, dubious sources or other unverified sources. It is a criminal offence if your bank account is used to receive money linked to criminal activities or keeping erroneously sent funds.
- If I have sent funds erroneously to a wrong party, what should I do to get my money back?
Please contact us immediately to log your case. Reasonable efforts will be taken by us to recover the money sent, where possible. We and the receiving bank will facilitate communication between you and the recipient to help you recover the money that was sent wrongly.
