The Monetary Authority of Singapore (MAS) has issued instructions to leading financial institutions and banks in the country to tighten the overall customer verification process after a security breach that occurred at SingHealth which compromised the personal data of approximately 1.5 million people.
The MAS claimed that it has sent out a notice to all the banks and financial institutions of the country. Through the notice, the authority has issued instructions asking them to be careful with customer verifications due to the loss of information illegally accessed during the cyberattack. Such information could include the full name of the customers along with the address, gender, national identification number, date of birth, and race.
Additional information must be utilized in the verification process before the banks process any specific transaction for a customer. Additional verification information should include PIN numbers, one-time passwords, and even biometrics.
These security measures suggested by the MAS (Monetary Authority of Singapore) are aimed at mitigating any risk that would compromise the data of their customers. Measures must be taken towards combating the faults that had occurred during the SingHealth security breach and which could be utilized for impersonating the customers in order to conduct unauthorized and unauthenticated financial transactions.
MAS further added that the leading financial institutions of the country have been instructed to conduct a proper risk assessment of the impact due to the SingHealth incident. Risk assessments must be performed on the existing control measures of the financial institutions regarding financial services that are offered to customers including the inquiry functions and financial transactions.
Banks located in Singapore have already been asked to implement a two-factor authentication method for identifying customers during login. An additional layer of control has also been put into place for authorizing high-risk monetary transactions like the opening of accounts, revision of the fund transfer limits, registration of third-party payee details, and so forth.
MAS states that financial institutions are required to take immediate steps for mitigating any risks that may arise from the misuse of the compromised information. MAS will work with the financial institutions on the respective risk assessments as well as mitigation steps. Tan Yeow Sang, cybersecurity chief of MAS, states that the customers are also required to play their role. They are required to safeguard their accounts with strong passwords and must practice better personal security measures. If the customers come across any fraudulent transaction in their accounts, they must notify their financial institution immediately.
The most serious data breach in Singapore occurred on July 4. Investigations are still ongoing after the police report was filed on July 12.