No guarantee you will get money back if you're hit by malware
Victims of info-stealing malware should quickly report illegal transactions, but...
Earlier this month, project manager Mark Lim, 47, lost $13,325 after he used a malware-infected computer to access his online bank account.
Fortunately, his bank managed to get the money back.
But other bank customers in the same situation may not be as lucky as Mr Lim.
Mrs Ong Ai Boon, director of the Association of Banks in Singapore, said that if money has been illegally transferred to an overseas bank, there is no guarantee that customers will get their money back.
The New Paper reported on Mr Lim's case yesterday.
On May 18, he had intended to make a transfer from his Singapore corporate bank account to the account of his business headquarters in Hong Kong, but the money landed in the account of an unknown individual in Hong Kong.
Mrs Ong said that when such unauthorised transactions are detected or reported by customers, banks will immediately investigate and try to stop the transaction.
But success depends on how quickly customers discover and report these transactions.
As "it is not possible for banks to stop or reverse the payments" when instant fund transfers are made through electronic funds transfer service Fast And Secure Transfers, "(local) banks will contact the beneficiaries' banks to recall the funds", said Mrs Ong.
She added that "there is no specific timeline" as to when affected customers can recover their losses.
People who carry out these unauthorised transfers typically withdraw or move the money out of the recipients' accounts very quickly, she said.
Banks usually report such cases to law enforcement agencies. Whether losses can be retrieved depends on how long the investigations last, the result of the investigations and judiciary outcomes, among others.
She added that "different jurisdictions around the world will have different requirements", and these will impact the recovery process.
Banks here are also proactive in educating customers on how they can protect themselves from malware through advisories on their websites, online and mobile channels.
Mrs Ong said that generally, banks have added security features such as multilayered authentication, and transaction signing and alert mechanisms for critical transactions.
When asked if cases like Mr Lim's are common in Singapore, Mrs Ong said: "There are cases of malware infecting customers' computers, though we do not have the industry statistics on the number of such cases in a year."
There are cases of malware infecting customers' computers, though we do not have the industry statistics...
- Mrs Ong Ai Boon, director of the Association of Banks in Singapore
Tips for secure online banking
- Install anti-spyware and anti-virus software and set it to perform daily updates automatically.
- Monitor the performance of your machine. If it's running slowly, or web traffic begins to behave erratically, run a scan.
- Do not enter any One-Time-Password (OTP) from your bank if you did not initiate or request any transaction.
- Do not proceed with the transaction if your computer displays an irregular or error message.
- For mobile devices, always download the applications from authorised sources such as the Apple App Store or the Google Play Store.
- Be familiar with your bank's login pages. In general, banks will never display your entire password or authentication PIN after you have keyed it in. Banks will also never ask customers to provide their PIN or token-generated PIN over a phone.