On 25 April 2019, the Monetary Authority of Singapore ("MAS") updated the E-Payments User Protection Guidelines ("Guidelines").
The Guidelines set out MAS' expectations of any responsible financial institution ("Responsible FI") that issues or operates a protected account. You may access the updated Guidelines on the MAS website (link).
The aim of the Guidelines is to establish a common baseline protection offered by Responsible FIs on a business as usual basis to individuals or sole proprietors from losses arising from isolated unauthorised transactions or erroneous transactions from the protected accounts of such account holders.
Under the Guidelines, a "protected account" means any payment account that fulfills all of the following— (a) is held in the name of one or more persons, all of whom are either individuals or sole proprietors; (b) is capable of having a balance of more than S$500 (or equivalent amount expressed in any other currency) at any one time, or is a credit facility; and (c) is capable of being used for electronic payment transactions; and a "Responsible FI" in relation to any protected account, means any bank, non-bank credit card issue, finance company or approved holder that issued the protected account.
Safeguards for E-Payment account holders
The Guidelines aim to set standards and safeguards which include (but are not limited to) the following:-
- account holder to provide contact information, opt to receive all outgoing transaction notifications and monitor notifications;
- account user to safeguard access and access code(s) to protected account;
- if unauthorised transactions are detected, account holder to report and provide information on such transactions and make police reports to facilitate claims investigation process;
- Responsible FIs to inform account holders of the user protection duties;
- Responsible FIs to provide transaction notifications to each account holder of a protected account on a real time batched basis to the account holder's account contact;
- Responsible FIs to provide recipient credential information;
- Responsible FIs to provide a reporting channel for the purposes of reporting unauthorised or erroneous transactions;
- Responsible FIs to assess claims and complete claims investigations;
- Responsible FIs to credit protected account with the total loss arising from any unauthorised transaction if account holder is not liable;
Guidelines will take effect on 30 June 2019
On 31 January 2019, MAS announced that banks and credit card issuers will be allowed to defer implementation of the Guidelines up till 30 June 2019. The Guidelines were first issued in September 2018 and were originally scheduled to come into effect on 31 January 2019. However, banks requested more time to implement the Guidelines, owing to the scale and complexity of system changes needed to implement the transaction notification standards for all products and customers as set out in the Guidelines.
Not all E-wallets are covered by the Guidelines
The Guidelines will apply to e-wallets currently operated by banks such as DBS PayLah, as well as approved holder(s) in respect of a stored value facility under the Payment Systems (Oversight) Act (Chapter 222A) ("PS(O)A") viz. Ez-link card, Nets CashCard, Nets FlashPay and Xfers Wallet.
The Payment Services Act 2019 ("PS Act") was passed by Parliament on 14 January 2019, but has not yet come into operation. Technology firms which offer stored-value services, such as PayPal, Grab and Singtel, are currently not subject to the Guidelines, but may fall under the purview of the PS Act when it comes into operation and replaces the PS(O)A.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.