#BeAProAgainstCons with OCBC – empowering you to bank safely and securely

The Shared Responsibility Framework (SRF) was introduced by the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) to address how banks, telcos and customers can work together to prevent phishing scams.

The SRF applies to scams that follow the pattern of a “seemingly authorised transaction” (as defined in the SRF guidelines):

1. The scammer impersonates a legitimate entity that offers a service
2. The customer clicks on a link provided by the scammer and keys his/her account credentials into the fabricated platform
3. The scammer takes over the customer’s account using his/her credentials and makes unauthorised transactions

Our responsibilities under the SRF are set out in Section 4 of the E-Payments User Protection Guidelines (EUPG). They include:

• Cooling-off period: We enforce a cooling-off period after OCBC OneToken is activated on a new device. During this time, you will not be able to perform high-risk activities (e.g. adding new payees, increasing limits or changing contact information).
• Real-time alerts: We notify you, in real time, of outgoing transactions and high-risk activities that you perform.
• Reporting channel and kill switch: You may report fraud to us at any time, including by activating the OCBC Kill Switch. The OCBC Kill Switch, which is available on the OCBC app, allows you to temporarily suspend access to your accounts and stop any payments.
• Enhanced fraud surveillance: We continuously enhance our fraud monitoring systems to protect you from scams. As a result, you may sometimes experience a payment or transfer being held or rejected if unusual activity is detected; we may also call you to verify its purpose. We will never ask you to transfer money to us or give us your online banking credentials.

• Use OCBC Money Lock to keep your funds safe.
• Keep your contact details up to date to ensure you receive timely updates from us.
• Never reveal your personal or banking details (e.g. Singpass login credentials, banking credentials or OTPs) to anyone.
• Do not click on links in SMSes or emails – we will never send you SMSes or emails with clickable links.

On 15 October 2025, new industry-wide safeguards will take effect to better protect you from phishing scams.

When a period of unusual activity is detected (that is, when over 50% of an account balance of at least S$50,000 is cumulatively transferred out within a 24-hour period), we will reject such payments and transfers – or place them on hold for 24 hours before releasing them. This is to give you time to cancel such payments and transfers in case of a scam.

Keeping your money safe is our top priority. From 1 October 2025, in line with industry-wide safeguards, we will further strengthen our fraud monitoring systems: Payments or transfers made during a period of unusual activity may be rejected or placed on hold.

These new safeguards will join our existing suite of security measures (for example, we may call you to verify transactions that we suspect may be unauthorised).

Banks will never ask you to transfer money to or share your banking details with us, or download apps from sources other than official app stores. We will also never transfer calls to external parties like the police or government officials.

As these safeguards are part of an industry-wide initiative involving all major banks and the Monetary Authority of Singapore (MAS), you will not be able to opt out of them.

To avoid potential delays in payments and transfers, we recommend reviewing your transactions and planning ahead where possible.

The safeguards apply to all personal current and savings accounts (including joint accounts) that have a balance of at least S$50,000.

Yes, it is possible. Banks cannot confirm if the receiving account is truly yours, so the safeguards will still apply.

Digital payments or transfers – where funds leaving your account reach a certain cumulative threshold (i.e. over 50% of an account balance of at least S$50,000) within a 24-hour period – may be placed on hold.

Transactions made in person (e.g. at branches or ATMs) will not be affected.

No, the safeguards are designed to protect you from scams while ensuring you can continue making digital payments for everyday essentials without any disruption.

For your security, you will not be able to do so.

However, there are certain transactions which will not be affected by the safeguards:

• Recurring standing instructions
• Recurring GIRO/eGIRO payments
• Bill payments to organisations that appear as billing organisations in the OCBC app and Internet Banking
• Debit card transactions
• Transfers to any other accounts you have with us

Apart from the enhanced safeguards, we have other security measures to protect you against potential scams. For example, we may call you to verify transactions that we suspect may be unauthorised.

Importantly, we will never ask you to transfer money to or share your banking details with us, or download apps from sources other than official app stores. We will also never transfer calls to external parties like the police or government officials.

We are unable to assist with such calculations. The system will automatically detect when the threshold (i.e. over 50% of an account balance of at least S$50,000 being cumulatively transferred out within a 24-hour period) is hit.

If your payment or transfer is rejected or placed or hold, you will be notified via the OCBC app or Internet Banking (depending on the platform you used) once you submit the request. We will also inform you of the possible next steps.

There may be instances where a payment or transfer that you urgently need to make is placed on hold. If you wish to release such payments or transfers before the 24-hour cooling period ends, you can do so at certain OCBC ATMs (you will need an OCBC ATM/debit/credit card and its PIN).

You may also cancel it via the OCBC app or Internet Banking.

* For joint accounts, only the person who requested the payment or transfer can request its release before the 24-hour cooling period ends.

Locate the nearest ATM that you can use.

To release a payment or transfer before the 24-hour cooling period ends, you will need:

• An OCBC ATM/credit/debit card that is linked to the relevant account; and
• Its PIN.

Please call us for assistance if you do not have an OCBC card.

If you have an OCBC card and wish to link it to the relevant account, log in to the OCBC app > Tap ‘More’ at the bottom navigation bar > Card services > Link account to card.

To be able to conveniently release funds placed on hold at ATMs, you may wish to apply for an OCBC debit or credit card – this can be done via the OCBC app, OCBC Internet Banking or the OCBC website. If your application is approved, we will mail the card to your address in our records within 7 working days.

Had an ATM/debit/credit card but lost it? Request a replacement via the OCBC app: Log in > Tap ‘More’ at the bottom navigation bar > Card services > Replace card. You can do so from 5am to 9.30pm daily (other than for OCBC FRANK Debit and Credit Card replacements, which are not available on Sundays or public holidays).

You can reset your card PIN via the OCBC app or Internet Banking:

• Via the OCBC app: Log in > More > Card services > Reset PIN
• Via Internet Banking: Log in > Customer service > Card services > Reset card PIN

If you are overseas and cannot access an OCBC ATM, please call us for assistance.

No, you will not be charged a remittance fee for transfers that are not processed.

Apart from the enhanced safeguards, we have other security measures to protect you against potential scams. 

Not all held transactions can be cancelled. However, if your request or transfer is placed on hold, you will be notified via the OCBC app or Internet Banking (depending on the platform used) once you submit the request. We will also inform you of the possible next steps.