The Monetary Authority of Singapore (MAS) issued a circular to firms after healthcare group SingHealth was targeted by hackers.
The regulator acknowledged that banks and other financial institutions “have robust measures to verify customer identity”.
However, it added that it was necessary to “tighten the customer verification process” to “address any risk that the information stolen from SingHealth may be used by fraudsters to impersonate customers”.
“Specifically, with immediate effect, all financial institutions should not rely solely on the types of information stolen for customer verification.”
MAS highlighted name, national registration identity card (NRIC) number, gender, race and date of birth as examples of data that could be compromised.
“Additional information must be used for verification before undertaking transactions for the customer.”
Cyber hygiene
Tan Yeow Seng, MAS’s chief cyber security officer, said: “MAS will work closely with the financial institutions to ensure that robust cyber defences are in place so that customers can carry out online financial transactions with confidence.
“But customers must also play their part. They must safeguard their passwords and practice good cyber hygiene. If they suspect any fraudulent transactions in their accounts, they should notify their banks immediately.”
