数字前线：银行和电信如何联合起来打击欺诈

How Banks and TelecomsCan Unite Against Fraud practically cannot function without eachother. This connectivity is clearly seen in thefinancial services and telecommunicationsindustries. The use of two-factorauthentication via SMS codes or accessinginternet banking through smartphoneapplications, for instance, has becomepeople’s daily routine. Undeniably, theconnection between financial services (FS)firms and telecommunications companieswill become more significant in the future,making it crucial for those two industriesto identify synergies for cooperation. Fraudsters are becoming increasinglyinnovative in their methods to approachand manipulate their targets. With thespread of technologies like AI tools and thegrowth of globalization, fraud groups movefaster and develop more effective ways tocommit crimes, especially when combiningmultiple technologies. As a result, thereis pressure for mutual cooperationacross sectors. Industries are becominginterconnected, and although they stillprovide different services, technologicalprogress connects these services, and they Forms of phishing and “APP” fraudare infiltrating our smartphones,putting our finances at risk The evolution in mobile technologies has led to more sophisticatedmethods of committing digital fraud. Outlined below are some of the mostcommon types of frauds representing an abuse of services FS firms andtelecoms offer: Phishing This fraud has been a well-known threatfor nearly three decades, but its popularityhas risen in recent years. It often starts witha simple phishing SMS (“smishing”) thattricks a person into clicking on a harmfullink, leading to a loss of control overtheir smartphone by involuntary malwareinstallation in the background. Authorized PushedPayment (“APP”) scams In these scams, a person is misled tovoluntarily make a payment, often as a matterof urgency, to a fraudulent beneficiary,for what they believe is a genuine serviceor product. Fraudsters use phone calls orWhatsApp to reach victims, often combiningthese with AI tools with face manipulationapps and conversation automation to maketheir scams more effective. Whether it isa fake romance scam, someone pretendingto be a close relative or supervisor at work,or offering “the best opportunity to invest,”fraudsters are persuasive. SIM SwapFraud This involves hijacking a SIM card to receiveSMS messages or calls. Fraudsters use thistechnique to access accounts that requiretwo-factor authentication. Then they purportto be the victim attempting to make changeswith their bank or mobile provider to stealthe genuine customer’s mobile identity. Voice over IP(“VoIP”) frauds VoIP frauds usually happen when fraudstersuse internet-based phone systems to faketheir caller ID. Fraudsters disguise theiridentity, pretending to call or write froma bank or another reputable institution. Theytrick targets into clicking on malicious links,disclosing personal data or sending money. These are just some examples of how fraudsters operate today togain as much as their target can offer without them even knowingit. To prevent these frauds, FS firms and telecoms must stay vigilantby not only securing their systems but also raising customer fraudawareness amongst both their customers and employees. Cooperation as today’s must Cooperation between FS firms and telecoms couldmake a big difference in tackling fraud and a greatexample comes from the Global Anti-Scam Alliance(“GASA”) which aims to create a world where peopleworldwide are safe from the financial and emotionaltrauma caused by online scams. They work towardsthis goal by bringing together industries targetedby fraudsters, such as FS firms and telecoms, toshare knowledge and best practices, hosting regularevents where experts share their insights on tacklingonline scams. In response to rising phishing scams, Singaporerecently introduced the Shared ResponsibilityFramework (SRF), announced by the MonetaryAuthority of Singapore (MAS) and the Infocomm MediaDevelopment Authority (IMDA) on 24 October 2024.Beginning 16 December 2024, financial institutionsand telecoms providers must follow specific guidelinesto avoid liability for phishing-related losses. Theseinclude a 12-hour cooling-off period after activatinga digital security token and real-time notifications forhigh-risk activities. Institutions must also implement24/7 reporting channels, fraud surveillance, andself-service features to block unauthorized accountaccess. In determining who is liable for a fraud loss inan incident, an initial check is performed as to whetherthe payment services provider had applied appropriatemeasures to prevent the incident, after which thetelecommunications provider’s controls are put underscrutiny. The customer is only liable if both institutionshave applied adequate controls to prevent the fraud. A notable example of fighting crime together isthe initiative launched in Great Britain by the GSMAssociation and UK Finance. Due to the high numberof APP scams, t