Forum: Banks should hold off key changes to account for 12 hours


Once again, the newspapers are filled with sad stories of people falling victim to scammers and losing their savings.

The modus operandi of scammers is to send a fake message to the individual, purportedly from the bank, that persuades the individual to provide not just his user identity and password, but also the one-time password sent to his mobile phone.

With these in hand, the scammer then takes control of the account.

The e-mail address and phone number are changed immediately, which diverts all communications on the account to the scammer.

New payees are added and transaction limits for fund transfers are increased. Even credit card limits are increased.

Funds are then siphoned off and the credit card used for shopping sprees. The account is drained.

The security system used by banks is generally sound, relying on a two-factor authentication system. There have been suggestions to improve security features further through the banning of SMSes, for example. No matter how good the systems are, the weak link is that there will always be individuals who fall for scams.

I suggest that banks put in an additional security feature – an execution hold on important changes to a customer’s profile.

All important changes, such as changing e-mail addresses and telephone numbers, adding new payees and increasing transaction limits, should be subjected to a 12-hour hold.

Upon receiving such instructions, the bank should immediately send an SMS and e-mail to the customer informing the customer that a request has been made, and the changes would be effective in 12 hours’ time if there is no objection from the customer.

This will give the customer adequate time to receive the message and take necessary action if the changes are fraudulent.

If the customer had indeed asked for the changes, there would be no need for any action and the changes would become effective after this holding period.

There may be some inconvenience to the customer since changes requested cannot be effective immediately, but I think a 12-hour wait would not compromise service quality or customer satisfaction.

In the old snail mail days, banks would write to the customer to inform him of a request to change the mailing address.

This suggested feature will act as a backstop for any scamming activity.

Kuo How Nam
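The hold described in the letter, sketched as an added example (not part of the original letter and not any bank's actual system). The `Account` class, its method and field names, and the sample contact details are assumptions made for illustration; time is passed in as seconds so the 12-hour window can be exercised without waiting.

```python
from dataclasses import dataclass, field

# Illustrative sketch only; all names here are hypothetical, not a real banking API.
HOLD_SECONDS = 12 * 60 * 60  # the letter's 12-hour hold
HELD_FIELDS = {"email", "phone", "payees", "transfer_limit"}  # changes the letter lists

@dataclass
class Account:
    profile: dict
    pending: list = field(default_factory=list)  # held change requests
    outbox: list = field(default_factory=list)   # (channel, destination, text) notices

    def request_change(self, name, value, now):
        """Queue a sensitive change and notify the contacts currently on record."""
        if name not in HELD_FIELDS:
            self.profile[name] = value           # not on the held list: apply at once
            return None
        change = {"id": len(self.pending) + 1, "field": name, "value": value,
                  "effective_at": now + HOLD_SECONDS, "status": "held"}
        self.pending.append(change)
        text = f"Request to change {name}; effective in 12 hours unless you object."
        # Notices use the live profile, which a held contact change has not touched,
        # so a newly requested e-mail address or phone number never receives them.
        self.outbox.append(("sms", self.profile["phone"], text))
        self.outbox.append(("email", self.profile["email"], text))
        return change["id"]

    def object(self, change_id, now):
        """Customer objection: cancel the change if it is still inside the hold."""
        for c in self.pending:
            if c["id"] == change_id and c["status"] == "held" and now < c["effective_at"]:
                c["status"] = "cancelled"
                return True
        return False

    def apply_due(self, now):
        """Apply every held change whose hold ran out without an objection."""
        for c in self.pending:
            if c["status"] == "held" and now >= c["effective_at"]:
                self.profile[c["field"]] = c["value"]
                c["status"] = "applied"

if __name__ == "__main__":
    # Constructed sample data: a takeover attempt the owner objects to in time.
    acct = Account({"email": "owner@example.com", "phone": "+65 0000 0001"})
    cid = acct.request_change("email", "attacker@example.net", now=0)
    print(acct.outbox)                  # both notices go to the owner's contacts
    print(acct.object(cid, now=3600))   # objection one hour into the hold
    acct.apply_due(now=HOLD_SECONDS)
    print(acct.profile["email"])
```

Because the contact change is itself held, every later notice in the same window (new payee, higher limit) still reaches the original phone number and e-mail address.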
