Singapore AML law responds to high concern over bank fraud, biometrics theft

Consumers are feeling increasing anxiety about the effectiveness of banks’ fraud-protection measures, a recent study by Jumio highlights. This is especially the case in Singapore, where a new law has been passed introducing stiffer fines for anti-money laundering (AML) violations.

According to the Jumio 2024 online identity study, 75 percent of consumers are ready to switch banks if their current provider fails to protect them from scammers. This figure rises to 78 percent in Singapore.

The demand for stronger cybersecurity measures is also higher in Singapore, with 74 percent of consumers expressing concern, compared to 69 percent globally. The higher emphasis on cybersecurity in the country appears to be caused by a widespread problem with stolen digital identity information and biometrics, as seen below.

Jumio’s study, which surveyed over 8,000 adults from the United Kingdom, United States, Singapore, and Mexico, underscores a growing concern about sophisticated fraud tactics like deepfakes and voice cloning. These advanced methods allow scammers to convincingly impersonate loved ones or romantic interests, increasing the success rate of their schemes.

Anna Convery, chief marketing officer at Jumio, emphasizes the urgency of this issue, stating: “This data should be a wake-up call to banks and financial institutions — your customers will take their business elsewhere if you don’t protect them from fraud.”

AML fines quadrupled

All corporate service providers in Singapore are required to register with the Ministry of Finance’s Accounting and Corporate Regulatory Authority (ACRA) under a new law passed last week.

Those found in violation of the island nation’s AML laws could face fines of up to 100,000 Singaporean dollars (roughly US$74,000), under the Corporate Service Providers Bill. The Bill also includes new rules for company directors and reporting obligations for some accounting service providers.

It was reported last year, when the AML legislation was introduced, that cyber scams cost Singaporean people and businesses S$660.7 million ($486.8 million) in 2022.

Volume of stolen ID data surges

Cybersecurity firm Resecurity has detected a significant surge in dark web activity related to stolen identity information of Singapore citizens, according to a recent blog post. Cybercriminals are actively selling stolen identity documents, posing substantial risks of fraud, identity theft, impersonation scams, and KYC bypass.

Numerous instances of stolen identity information of Singapore citizens and residents have surfaced on the dark web. Data prices start at $8, Resecurity says, varying by source and quality. The number of vendors offering stolen Singaporean identity data has surged by 230 percent compared to the previous year by Q2 2024.

Resecurity identified several major underground vendors selling stolen Singaporean identity data around October 2023. Ads on the dark web included services for passports, identity cards, and driving licenses. By June 2024, vendors offered large volumes of compromised identity data, and Resecurity acquired sample datasets to trace the leaks and identify affected organizations.

According to the firm’s research, the stolen data contains biometric information, such as fingerprints and facial data, of victims. Screenshots shared by Resecurity depict stolen selfies taken with identity documents, such as are commonly used for selfie biometric checks in remote identity verification. This type of information is illegally reused for forged documents and other malicious scenarios leveraged by cybercriminals using deepfakes and AI-powered techniques for fraudulent purposes.

Additionally, despite government efforts to secure SingPass, Singapore’s digital identity system, cybercriminals exploit it for scams, money laundering, and identity theft.

Resecurity emphasizes the importance of effective digital identity protection programs for businesses to shield employees and customers from account takeover and identity theft. Consumers should monitor their Singpass and other accounts and enable two-factor authentication.

Article Topics

AML  |  biometrics  |  cybersecurity  |  data protection  |  digital identity  |  financial services  |  fraud prevention  |  Jumio  |  legislation  |  Resecurity