The most noteworthy Internet finance portal


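MAS Requires Financial Institutions to Step Up Customer Verification

Not long ago, Singapore Health Services (hereafter SingHealth) suffered a cyber attack in which the data of 1.5 million users was illegally accessed and stolen.

Previously, Singapore's banks already applied two-factor authentication (PIN + one-time password) at user login, while high-risk transactions required authorization through an additional layer of control. Some financial institutions also use dynamic methods of verification, but personal identity information is generally not included, because users may well give it out casually in everyday activities such as lucky draws, which raises the risk of account takeover and lowers the trustworthiness of the information.

However, in the face of an increasingly severe cyber security environment, the Monetary Authority of Singapore (hereafter MAS) has recently issued a circular to all financial institutions in the country, requiring them to strengthen customer identity verification to prevent similar incidents from happening again.

MAS requires all financial institutions to first conduct a risk assessment of their existing control measures for financial services information and to strengthen verification (for example, by increasing the types of information verified), so as to mitigate any risk that may arise from misuse of the compromised information.

In addition, MAS will work with financial institutions on the risk assessments and propose mitigation measures.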

The Monetary Authority of Singapore (MAS) has issued a circular to all financial institutions, directing them to tighten their customer verification processes. This follows the recent cyber attack at SingHealth where personal information of 1.5 million individuals was illegally accessed and stolen.

For access to online financial services, banks in Singapore are already required to put in place two-factor authentication (e.g. PIN and One-Time-Password) at login to identify their customers. Banks are also required to implement an additional layer of control to authorize high-risk transactions.

Financial institutions also have in place robust measures to verify customer identity. Personal information (name, NRIC number, address, date of birth, etc.) is generally not used as the sole means of verification by financial institutions as these are often freely given out by members of the public for various purposes, such as when filling out lucky draw coupons or surveys.

However, to address any risk that the information stolen from SingHealth may be used by fraudsters to impersonate customers and perform unauthorised financial transactions, MAS has directed financial institutions to tighten their customer verification processes. Specifically, with immediate effect, all financial institutions should not rely solely on the types of information stolen (name, NRIC number, address, gender, race, and date of birth) for customer verification.

Additional information must be used for verification before undertaking transactions for the customer. This may include, for instance, One-Time Password, PIN, biometrics, last transaction date or amount, etc.

MAS has also directed all financial institutions to conduct a risk assessment of the impact of the SingHealth incident on their existing control measures for financial services offered to customers, including transaction and inquiry functions. Financial institutions are to take immediate steps to mitigate any risks that might arise from the misuse of the compromised information. MAS will engage financial institutions on their risk assessments and mitigation steps.


Copyright © Internet Finance Laboratory, Tsinghua University PBC School of Finance | 京ICP备17044750号-1