In a proactive move to protect their users from the ever-evolving threat of malware-enabled scams, leading banks UOB and DBS are rolling out new security features within their banking apps. These measures, aimed at enhancing cybersecurity, are set to be progressively implemented starting from September, with UOB’s measures becoming active from September 27.

Importantly, both banks have emphasized that these anti-malware features are designed with user privacy in mind. They do not monitor customers’ phone activities or collect or store personal data. Instead, they focus on enhancing security while preserving user privacy.

One shared feature across UOB’s TMRW app and DBS/POSB digibank apps is the restriction of customer access in the event of ongoing screen-sharing or screen-mirroring activities. This restriction serves as a protective measure, preventing app users from unwittingly sharing their mobile screens with potential scammers. Such actions could allow scammers to gain control of users’ devices and potentially compromise their banking information.

Additionally, UOB has implemented measures to identify and mitigate the risks associated with “risky permissions settings” within its TMRW app. If these settings are detected on a user’s device, access to their accounts will be restricted until the risky apps are uninstalled or their accessibility permissions are disabled. UOB’s Head of Group Compliance, Daniel Ng, explained, “These apps with risky permissions settings can be exploited by scammers to compromise customers’ mobile devices and banking apps. These features are necessary for enhanced security to mitigate the risks and protect customers from malware scams.”

Similarly, DBS/POSB customers will experience access restrictions in their digibank app if malware, malicious applications, or unverified apps with enabled accessibility permissions are detected.

DBS is going a step further by introducing a “Security Checkup” dashboard within its digibank apps. This feature empowers customers to view and monitor their security settings directly within the app, enabling them to take recommended actions to protect themselves from potential scams or fraud.

Han Kwee Juan, DBS’ Singapore Country Head, emphasized the importance of these measures, acknowledging that they may introduce some friction to the customer journey but are essential for ensuring secure digital transactions. He stated, “As we intensify efforts to protect our customers, we are also empowering them to take proactive steps in safeguarding themselves through our self-managed security features… We believe heightened vigilance is crucial in our combined efforts to combat scams and fraud.”

Malware, encompassing viruses, spyware, and keyloggers, poses a significant cybersecurity threat. It can infiltrate device systems, potentially compromising sensitive information such as banking login credentials and SMS one-time passwords (OTPs).

The introduction of these robust security features by UOB and DBS aligns with the Association of Banks in Singapore’s (ABS) recent announcement that major retail banks in the country have reinforced their security measures to counter malware scams. ABS Director Ong-Ang Ai Boon emphasized that while such measures provide added protection, customers must remain discerning and vigilant to be the best defense against scams.

Highlighting the urgency of the situation, the Singapore Police Force issued an advisory on September 20 regarding a new variant of malware scams. This variant involves scammers executing unauthorized transactions on infected devices and initiating factory resets afterward. Within the first half of 2023 alone, more than 750 cases of victims downloading malware onto their phones were reported, resulting in losses of at least S$10 million.