Everything You Need To Know On Singapore’s E-payment User Guidelines
28/05/2019 — by Will Elton
Singapore is embracing the emerging global trend towards becoming a cashless society. With increasing popularity of electronic wallets on smartphone apps in the Lion City, there is a pressing need for regulation on the tens of thousands of daily cashless transactions to alleviate the concerns of unauthorised and mistaken transactions. After rounds of public consultations, the Monetary Authority of Singapore has issued the E-payment User Protection Guidelines (“Guidelines”) which will come into effect on 30 June, 2019 and be applied to banks and financial institutions (“FI”) with stored-value facilities such as DBS PayLah!, EZ-Link and Nets.
What Are They Meant To Do?
The aims of the Guidelines are to establish a common protection system provided by FIs against losses arising from unauthorised and mistaken transactions. The Guidelines provide measures to apportion liability between FIs and e-wallet account users (“Users”) by imposing various duties when using or providing e-payment services. As a result, Users are expected to take active steps to protect their accounts from misuse or risk being held partly or fully liable for loss arising from unauthorised transactions.
Meanwhile, it should be noted that the Guidelines do not apply to unauthorised or erroneous payments made through credit or debit cards, or e-payment wallets that are linked to credit or debit cards such as Apple Pay, since there are existing guidelines for protection in place.
Liability Of Users Under The Guidelines
Traditionally, the liability of credit card or debit card users who have contributed to the cause of an unauthorised transaction, such as by failing to timely report suspicious transactions or losing the card, is capped at S$100.
Under the new Guidelines however, there is no such cap on Users’ liability and Users have to take personal responsibility for their e-payment devices and accounts to ensure that they have not been reckless in causing the unauthorised transaction.
The Guidelines have set out situations where a user will either (i) not incur any liability for losses arising from unauthorised transactions, or (ii) incur liability for actual loss. Generally, a User will not any incur any liability for losses if such losses are resulted from any action or omission by the responsible FI and the User has fulfilled his duties under the Guidelines (see below). Such action or omission by the responsible FI may include fraud or negligence, or non-compliance with the duties of a responsible FI prescribed by the Guidelines (also discussed further below).
On the other hand, a User would be liable for the actual loss arising from unauthorised transactions (but limited to any transaction limit or daily payment limit agreed between the User and the FI) if the User’s recklessness was the primary cause of the unauthorised transaction. Recklessness in this situation would include deliberate non-compliance with the User’s duties imposed under the Guidelines.
As such, as a typical consumer in the big city, it is important for us to understand our responsibilities and duties as e-payment users and exercise due diligence in complying with same to avoid any exposure to liability should an unauthorised transaction unfortunately occur.
Duties Of Users Under The Guidelines
The Guidelines have prescribed duties on the e-payment users in respect of proper handling of their accounts and the provision of information to FIs. Under the Guidelines, Users are under duties to:-
- provide to the responsible FI contact information, opt in to receive all outgoing transaction notifications whether by SMS or email and to actively monitor such notifications;
- practice safe password keeping practices, such as adopting a strong password, not voluntarily disclosing passwords to any third party or keeping a record of the password which would lead to misuse;
- update smartphone operating systems to the latest firmware to install regular security updates;
- report an unauthorised transaction to the responsible FI as soon as practicable after receipt of any suspicious transaction notification;
- provide the responsible FI with specified information as requested within a reasonable time; and
- file a police report if the responsible FI requests such a report to be made.
Duties Of Responsible Financial Institutions
Responsible FIs are also under duties to take steps to enable Users to monitor payment transactions and to report unauthorised or mistaken transactions, which include:-
- informing Users of their duties mentioned above;
- providing outgoing transaction notifications to users by SMS or email at least once every 24 hours for each transaction or on a batched basis. However, Users can select their own notification preferences such as opting to only receive notifications for outgoing transactions above a certain amount or for certain types of outgoing transactions;
- providing onscreen opportunities for Users to confirm payment transactions before execution;
- providing Users with a reporting channel to report unauthorised or erroneous transactions, and acknowledging reports made by SMS or email;
- assessing and completing the investigation of any claim made by a User in relation to an unauthorised transaction within 21 or, in exceptional circumstances, 45 business days of a report; and
- crediting the User’s account with the total loss arising from any unauthorised transaction as soon as the responsible FI has completed its investigation and assessed that the User is not liable for any loss arising from the unauthorised transaction.
Specific Duties In Relation To Erroneous Transactions
The Guidelines also provide for a streamlined process for dealing with payments that have been erroneously placed with or transferred to a wrong recipient. In brief, the responsible FI of the User who initiated payment and that of the erroneous recipient are required to make reasonable efforts to recover the sum sent in error, such as exchanging specified information on the transaction within prescribed timeframes. The User is also required to assist the responsible FI in this process by providing any specified information requested by the FI.
In conclusion, as along as Users are able to practice basic cyber security habits when using e-payment systems, they should be adequately protected under the Guidelines against losses from unauthorised or erroneous transactions. With e-payment systems gradually becoming more widespread and integrated in daily economic activity, Singapore is definitely taking a right step towards the right direction with the new Guidelines in place to instil confidence in e-payment systems, and to becoming the “Smart Nation” as envisioned by Monetary Authority of Singapore.
This article does not constitute legal advice.