As the banking industry constantly strives to make e-payments solutions simpler and more secure to use, The Monetary Authority of Singapore has issued the E-Payments User Protection Guidelines (“Guidelines”) which spells out the roles and responsibilities of banks and our customers when making e-payments.
Please be aware of your responsibility as an account holder and adopt safe banking measures to protect your bank accounts from unauthorised or erroneous transactions.
Please read the highlights of the guidelines below to understand the Bank’s as well as your rights and obligations as an account holder under the guidelines which will take effect on 30 June 2019.
What are my responsibilities in protecting my bank account?
- Practise good security hygiene by changing your online banking PIN/password periodically and do not share with anyone
- Keep your* contact details (such as mobile number and email address) up to date with OCBC so that we can send you transaction alerts by SMS or email
- Choose to receive transaction notifications for outgoing transactions
- Monitor your* transaction alerts and account statements for any unauthorised and erroneous transactions
- Disclose your banking credentials such as Online Banking Access code, PIN or One-Time Password (OTP), Organisation ID, User ID or Password, credit/debit/ATM card details to any third party, for any purpose including to initiate or execute any payment transaction involving your account
- Disclose your access code/password in a recognisable way on any payment account, authentication device, or any container for the payment account
- Store or keep a record of your access code, PIN/Password, card details in a way that allows any third party to easily misuse them
- Do not click on the weblinks in SMSes or emails to access our websites as these may be phishing attempts. Please always type our URL : https://www.ocbc.com/login (Individuals) or https://velocity.ocbc.com (Sole Proprietors) into the browser’s address bar or use our Mobile Banking/Business Mobile Banking apps
- Only download the OCBC Mobile Banking app or OCBC Business Mobile Banking app from the official app stores (Apple App store or Google Play Store)
- Update your device’s browser to the latest version available
- Patch your device’s operating systems with regular security updates provided by the operating system provider
- Install and maintain the latest anti-virus software on your device
- Change your PIN/password regularly
- Do not use a PIN/password which can be easily guessed
- Check carefully the e-payment instruction and details of the recipient (such as name, account number, mobile number, email address or unique entity number) before executing or confirming any e-payment transaction
- Read carefully any notifications sent by the Bank. If you are asked to perform or authorise transactions that you are not aware of, do not do so
- Report to the Bank immediately if you notice any unauthorised/erroneous transaction
What are my responsibilities in making e-payments?
- Provide accurate contact information for the Bank to send transaction notifications;
- Protect your login credentials and access to your protected accounts; login credentials include Login ID, access code, PIN/password, OTP or other credentials that are used to authenticate your identity;
- Enable and monitor transaction notifications and report unauthorised transactions as soon as possible;
- Provide information on unauthorised transactions as requested by the Bank to support investigations; and
- Make a police report if the Bank requests such a report to be made to facilitate claims investigation
Transaction alert notifications
ATM, debit/credit card transactions
The default alert threshold for local ATM or local/overseas debit/credit card transactions is S$1,000. For overseas ATM cash withdrawals, the default alert threshold limit is S$1.00. You may choose to change the threshold to your preferred setting.
However, we recommend that you do not increase your threshold limit from the default limit. If you set it at a higher threshold than the default threshold limit, it will mean that you will not be notified of any transaction below the threshold limit that you’ve set. This may have an impact on your liability for losses arising from unauthorised transactions.
Where you have set the thresholds for the notifications previously, those thresholds will continue to apply. Otherwise, the default threshold set by the Bank will apply.
Online banking fund transfers and payments
For outgoing online banking fund transfers and payments, the default notification threshold limit is S$0.01. This threshold limit cannot be adjusted. We strongly encourage that you keep the transaction notification turned on at all times to monitor your transactions.
Channels for transaction notification
You may log in to OCBC Internet Banking to select your preferred channel for transaction notifications via SMS, email or push notification (in-app notification on your mobile device).
For the types of notifications available based on the Guidelines, you may refer to the FAQ below.
For more information on your liability for losses arising from unauthorised transactions, please refer to the FAQ on E-Payments User Protection Guidelines by ABS.
Should you become a victim of an unauthorised transaction, please inform us immediately. You can report to us by contacting one of our branches during their opening hours or call us at:
Call +65 6538 1111
Give full information of the unauthorised transaction such as payee details including bank name, payee name, account number, transaction date and time, amount, sender and your account details.
Make a police report if you have encountered a fraud or scam. We may request that you file a police report to facilitate our investigation.
What will the Bank do after you report an unauthorised transaction?
After receiving the information required to facilitate the investigation, the Bank will complete an investigation of any relevant claim within 21 business days for straightforward cases or 45 business days for complex cases.
Complex cases may include cases where any party to the unauthorised transaction is residing overseas or where the Bank has not received sufficient information from you (as the account holder and in the case of sole proprietors, the person appointed at point of application/maintenance) to complete the investigation. The Bank will update you of the outcome of our investigation. If it has been assessed that you are not liable for any loss from the unauthorised transaction, the Bank will credit your account as soon as our assessment is complete.
Should you disagree with our assessment of liability, you may proceed with other forms of dispute resolution including mediation at FIDReC.
Please note that transactions arising from frauds or scams are not in scope within the Guidelines. For erroneous/unauthorised transactions on credit cards, charge cards or debit cards, the dispute resolution process established under the respective card scheme will apply.
If you have sent an erroneous transaction, please inform us immediately. You can report to us by calling us at the following hotlines or visiting our branch during their opening hours.
Call +65 6538 1111
Give full information of the erroneous transaction such as recipient’s unique identifier, including account number, identification number, name or other credentials entered by you and the date, time, amount and purpose of the transaction.
What will the Bank do after you report an erroneous transaction?
The Bank will endeavour to assist to recall the funds from the recipient and update you of the outcome. Longer time may be taken for more complex cases.
What are the E-payment User Protection Guidelines all about?
The Guidelines are issued by MAS to protect users of electronic payments. They aim to encourage wider adoption of e-payments in Singapore.
The Guidelines establish a common baseline protection that Financial Institutions will provide to individuals and sole proprietors from losses arising from unauthorised e-payment transactions from their protected accounts.
What is a protected account?
Protected accounts as defined in the Guidelines are those that:
- are held by either individuals or sole proprietors, including those held jointly by multiple account holders; and
- can hold a balance of more than S$500 or equivalent at any one time (Stored value facilities like EZ-Link card and NETS Cashcard are thus not covered by the Guidelines), or is a credit facility
What e-payments do the Guidelines cover?
The guidelines cover all payments initiated through electronic means, and where funds are received through electronic means. These include online payments and transfers.
How do the Guidelines protect me?
The Guidelines set out your responsibilities as an e-payment user to adopt good security practices. These include how you should protect your device, login credentials, access codes and protected accounts.
We will provide you with transaction notifications and a reporting channel so that you may be alerted of unauthorised transactions and report them should they happen.
We will investigate claims of unauthorised transactions, with the aim of achieving a fair and reasonable resolution.
Please note that the Guidelines do not apply to scams or frauds, which will be investigated by the police.
What are these transaction notifications for?
The notifications safeguard you against unauthorised and erroneous transactions. They are to alert you of such transactions so that you may report them to us for quicker resolution.
What type of transactions will I be notified on?
Notifications will be sent by us for outgoing payments initiated through electronic means. These include online payments/transfers and debit/credit card transactions.
Some electronic transactions may not trigger notifications if they were not initiated or received through electronic means. Transactions initiated by us, such as credit card cashbacks, will not trigger notifications under the Guidelines.
The notifications you receive may also depend on your instructions to us. For instance, you may have instructed us that a notification be sent only for certain types of outgoing transactions or if a transaction is above a certain amount.
What type of transactions will I be notified on based on the guidelines
We will update you with your transaction details by sending SMS notification alerts to your mobile phone number. You will receive instantaneous SMS alerts (or Push Notifications if enabled) when you make the following transactions.
Note: To find out which transaction alerts are available under Push Notification, click here.
Type of SMS Alerts
Default Enrolment Settings
Overseas ATM cash withdrawal
Change in local ATM cash withdrawal and NETS Purchases default threshold limit for transaction alert from 24 June 2022
Funds transfers and bill payments at ATM
Other account debit alerts*
|Amount shall be determined by customer
Online Banking payments and transfers
Update of contact details via ATM and Online Banking
Activation/Deactivation of overseas ATM cash withdrawal feature
Activation of credit and debit cards
Change of alert settings
Deposit - Other transactions via other banking channels
|Amount shall be determined by customer
Debit/credit card transactions^
*If your transaction exceeds S$50,000.00, we will send you SMS notification alerts irrespective of the alert setting.
#You are unable to unsubscribe to this alert as it is mandatory.
^Transactions initiated by the Bank, such as credit card cashbacks, will not trigger notifications.
For Sole Proprietors:
|Types of SMS/Email Alerts
|Default Enrolment Settings
|Cashcard top-ups, funds transfer, Bill Payment and NETS purchases initiated via ATM card
|As per indicated in the Corporate ATM SMS Alert setup/maintenance form
|S$1,000.00 cumulative basis
|Online Banking payments and transfers
|Auto-enrolment for all online banking users based on contact details provided
- Debit card transactions
|Auto-enrolment based on the contact details provided in the Business Debit Card application
Where you have set thresholds for transaction notifications previously, those thresholds will continue to apply. Otherwise, the default threshold set by us will apply.
How will these notifications be sent?
Notifications may be sent via any of these channels:
(funds transfer within own accounts; bill payment)
Do I need to enrol for these notifications?
You are automatically enrolled for notifications of outgoing transactions initiated through electronic means. This is applicable for new and existing customers (please refer to the default threshold limit set out in Question 7).
Please update us with your* latest mobile number or email address to ensure that you receive the notifications.
Will I be charged for this service?
This service is currently free.
I am receiving too many notifications. How do I stop these notifications?
The notifications are a safeguard against unauthorised and erroneous transactions. There is a default threshold limit set for certain types of transactions (refer to Question 7 above). Based on your payment patterns, you may wish to adjust your notification thresholds so that you receive notifications that are most relevant to you. For instance, you may wish to be notified only if the transaction is above a certain amount.
What will happen to the existing notification thresholds that I have set previously?
Your existing notification thresholds will continue to apply and you may visit the notification settings to change it anytime.
How do I customise the alert settings?
You may choose to customise the alert settings via OCBC Online Banking. For those alerts with selection of threshold limit available (such as ATM/card transactions), you can change the alert threshold to your preferred setting.
For more enquiries, please call 1800 363 3333 or visit any of our OCBC branches.
For Sole Proprietors:
How do I update my mobile phone number?
To ensure you are kept informed of your account/transaction details, it is important for the bank to be updated with your current mobile phone number.
You may update your mobile phone number via the following methods:
You may choose to customise the alert settings via the following methods:
- OCBC Online Banking or OCBC Mobile Banking app
- Any OCBC ATM or Kiosk
- Call 1800 363 3333 using your telephone PIN
For Sole Proprietors:
What should I do if I receive a notification for a transaction that I do not recognise?
This could be an unauthorised transaction and you should inform the Bank immediately. Please provide the following information to us:
- The bank account affected;
- Your identification information;
- The type of authentication device, access code/login credentials and device used to perform the payment transaction;
- The name or identity of any account user;
- Whether the account number, authentication device, or access code/login credentials was lost, stolen or misused and if so,
- the date and time of the loss or misuse,
- the date and time that the loss or misuse, was reported to you, and
- the date, time and method that the loss or misuse, was reported to the police;
- any access code/login credentials that is applicable to the account,
- how the account holder or any account user recorded the access code/login credentials, and
- whether the account holder or any account user had disclosed the access code/login credentials to anyone
If I report an unauthorised or erroneous transaction to my bank, when can I expect a resolution?
We should complete an investigation of any relevant claim within 21 business days for straight forward cases, and up to 45 business days for complex cases.
For erroneous/unauthorised transactions on credit cards, charge cards or debit cards, the dispute resolution process established under the respective card scheme will apply.
If I report an unauthorised transaction, am I still liable for the transaction?
You will not be liable for any loss that arises from any action or omission by us, if you have complied with your duties as an account holder. For losses due to any other independent third party other than you and us, subject to the below, you will also not be liable if the outgoing transaction value is within S$1,000.
You will, however, be liable if it is ascertained that the primary cause was recklessness on your part, such as failing to protect your access code/login credentials or access to your protected account. Your liability will be capped at the transaction limit or daily payment limit, where applicable.
In all cases, we will conduct an assessment to determine the appropriate liabilities and work towards a fair and reasonable resolution.
For transactions on credit cards, charge cards and debit cards issued in Singapore, the apportioning of liabilities is governed by the ABS Code of Consumer Banking Practice.
What should I do if I receive erroneously sent funds?
Please inform us as soon as possible. You may be facilitating criminal activities, such as money laundering and unlicensed money lending, if you knowingly receive money from strangers, dubious sources or other unverified sources. It is a criminal offence if your bank account is used to receive money linked to criminal activities or keeping erroneously sent funds.
If I have sent funds erroneously to a wrong party, what should I do to get my money back?
Please contact us immediately to log your case. Reasonable efforts will be taken by us to recover the money sent, where possible. We and the receiving bank will facilitate communication between you and the recipient to help you recover the money that was sent wrongly.
What is our guarantee (for Personal Banking)?
If you fall prey to fraud and have played your part in protecting yourself from fraud (see below), we guarantee a full refund of any money that has been fraudulently transferred out of your account via OCBC Internet Banking or the OCBC Digital app (subject to our Terms and conditions governing Electronic Banking Services).
Our guarantee protects you if you had adopted the following measures:
- You have kept your hardware token secure at all times;
- You have not shared your security details with anyone (these include your Access Code, PIN and hardware token);
- You have equipped your computer or mobile device with the latest operating system security patches, anti-virus, anti-malware and firewall software. The installed software should be regularly updated to the latest version and run with latest signatures;
- You have followed our recommendations on Safeguarding Your Internet Banking Access and complied with all your obligations under the Terms and conditions governing Electronic Banking Services and the Terms and conditions governing Deposit Accounts;
- You have updated us immediately when there is a change in your contact details, such as mobile number and email address, for the purposes of receiving SMS or email notifications on online banking transactions and activities;
- You have updated us immediately when you change your mobile number for receiving One-time Password (OTP) via SMS; and
- You inform us immediately if:
- You are aware of any suspected fraud, including any compromise or loss of your security device or security details;
- You receive SMS or email notifications for transactions which you did not perform; or
- You receive alerts notifying you of transactions* that you do not know of and/or did not make, and you provide us with your full cooperation (including providing all the information we request).
Terms and conditions
We hope that the information we provide will be useful to you. However, you are expected to be responsible for the security of your devices. We regret that we will not be able to bear any financial losses resulting from unauthorised use of your account.
Personal and Premier Banking customersYour usage of our OCBC Online Banking Service is subject at all times to our Terms and conditions governing Electronic Banking Services and the Terms and conditions governing Deposit Accounts.
Business Banking customersYour usage of our OCBC Internet Banking Service known as OCBC Velocity is subject at all times to the Business Account terms and conditions.