DBS, OCBC and UOB to roll out 'money lock' feature that lets customers block savings from digital transactions

SINGAPORE — A new security feature that allows bank customers to block their savings from digital transactions will be rolled out by major banks DBS, OCBC and UOB by the end of November.

Once locked in, the money cannot be transferred through digital means, but can be moved only in person at an ATM or at a branch, depending on the bank.

The "money lock" feature is the latest measure adopted by banks to make it harder for fraudsters to siphon money out of a hacked account. This comes as scams continue to plague the nation, with more than 750 victims losing at least $10 million in total after falling prey to malware scams in the first half of 2023.

DBS Bank's take on the feature, dubbed digiVault, will let customers lock up their savings digitally in a designated account from which funds cannot be withdrawn.

Setting up the vault will take less than 30 seconds, and there is no limit to the amount that can be deposited, a DBS spokesman said in reply to queries from The Straits Times. 

Customers will be able to withdraw their savings in person at the bank's branches, where they will be asked to show proof of identity, like their passport or identity card, said the spokesman.

The bank is exploring other options for customers to unlock the vault, which will be announced in November.

[[nid:644543]]

"By setting up digiVault, customers limit the risk exposure of their monies, preventing scammers from performing any fraudulent digital transactions, should they gain unauthorised access to customers' phones and accounts," the bank said on Friday (Oct 6).

OCBC Bank's "money lock" feature works similarly to prevent unwanted transfers.

Users will be required to authorise access to the account on a platform other than the online banking app, like at an ATM, said Beaver Chua, head of anti-fraud at OCBC's group financial crime compliance department.

Chua said: "Once scammers have access to a customer's bank account through phishing, malware or other malicious means, it is extremely difficult to prevent them from making account changes and siphoning monies from a customer's bank account.

"Hence, a robust and secure measure to unlock the ring-fenced funds must be in place, which may inevitably introduce friction in banking."

UOB head of group compliance Daniel Ng said that the bank is also rolling out its own version of the "money lock" feature in November. He did not give more details.

He said: "We believe that the money lock can be an effective tool to limit risk exposure online as it is able to ringfence a portion of funds as designated by the customer from digital transfers or intrusion."

The measure was first reported by ST in February during an interview with UOB head of group risk management Frankie Phua, who said that the bank was exploring a way for customers to set aside savings that cannot be withdrawn digitally.

In reply to feedback published on the ST Forum page, director of the Association of Banks in Singapore Ong-Ang Ai Boon wrote in August that local banks had been exploring the "money lock" feature.

[[nid:651300]]

She said then that careful testing had to be done to ensure that the banks can cater for users who need to make urgent payment online — for example, when they are overseas — and to protect customers from social engineering techniques used by scammers.

The "money lock" feature is another line of defence adopted by banks which, between August and September, also launched an anti-malware security measure to restrict access to online banking apps if a suspicious app is detected on the user's device.

In such cases, scammers typically trick victims to download a malware-laden app from non-official platforms outside the Google Play Store.

Victims have found their bank accounts emptied after being duped into installing sideloaded apps.

Hackers made away with $325,000 in August after 27 victims fell for a bogus mooncake sale which led them to install malware on their phones.

The Cyber Security Agency of Singapore has urged the public to download an antivirus app with malware and phishing detection from a list of recommended programs offered by cybersecurity firms like McAfee and Kaspersky.

The police have also advised the public to be wary if asked to download unknown apps to purchase items or services on social media platforms.

ALSO READ: 'I cry every day and cannot sleep': Woman loses $110k after downloading app for durian tour

This article was first published in The Straits Times. Permission required for reproduction.