SINGAPORE – UOB and DBS Bank have announced greater controls aimed at protecting customers against malware-enabled scams, following OCBC Bank’s lead.

UOB will be progressively rolling out two new security features on its UOB TMRW banking app from Wednesday, Mr Daniel Ng, the bank’s head of group compliance, said on Tuesday.

The first update will restrict customers’ access to their UOB TMRW app once any apps or tools that are sharing their mobile devices’ screens are detected. Customers can resume accessing the app after they have turned off screen sharing on other apps.

This feature will prevent customers from unknowingly sharing their mobile screens with scammers when using the banking app, which may allow the latter to take control of their devices and compromise their banking information.

The second update will restrict access to the banking app upon detection of any apps that were downloaded from third-party or unauthorised sites with risky permissions on customers’ mobile devices.

An error message flagging the name of the potentially risky app will be triggered, and customers will have to uninstall or turn off accessibility permissions for the flagged app to be able to access the UOB app.

Mr Ng said the new updates may lead to some inconvenience for customers, but stressed they are “necessary for enhanced security to mitigate the risks and protect customers’ exposure to malware scams”.

“Customers can be assured that the new security features do not monitor their phone activities or collect or store any personal data.”

DBS, which launched a security check-up dashboard earlier this month, will be pushing out a new anti-malware tool on its DBS/POSB digibank app progressively from September.

The anti-malware tool will restrict DBS users’ access to their DBS/POSB digibank app if it detects the presence of malware, apps downloaded from unverified app stores – also known as sideloaded apps – with accessibility permissions enabled, or ongoing screen sharing on a customer’s device.

If known malware is detected, customers will receive a pop-up notification requesting that they secure their devices. They can do so by disconnecting their mobile devices from the Internet and deleting suspicious apps to regain access to their banking app.

If sideloaded apps with accessibility information are detected, users will be asked to uninstall the apps listed in the pop-up message or disable their accessibility permissions via their device settings. This is to protect customers, as having accessibility permissions enabled for sideloaded apps may give scammers control of their devices.

If potentially unauthorised screen sharing is detected, customers will be prompted to stop sharing their screens. If they are not sharing their screens, they will be asked to call DBS’ fraud hotline immediately, as this is indicative of a malware attack.

The new anti-malware capabilities do not monitor phone activity, nor do they collect or store any personal data, said DBS.

Mr Lam Chee Kin, head of legal and compliance at DBS, said: “We will always be one step behind if we detect only known malware. In order to be one step ahead, we must also look at the risks of unknown malware... such as sideloaded apps with accessibility permissions enabled, or whether there is screen sharing or mirroring ongoing.”

Launched in mid-September, DBS/POSB’s security check-up dashboard enables customers to track key security settings easily and take the recommended actions to protect themselves from scams.

DBS Singapore country head Han Kwee Juan said that while certain measures may affect customers’ digital banking experience, the bank seeks their understanding as they are necessary to enhance protection against fast-evolving scam tactics.

Some UOB customers like Mr Joseph Ng, 23, welcomed the new features, given the recent rise in banking-related scams.

The university student said it was a step in the right direction, but he was worried about the inconvenience he might have to go through just to open his UOB TMRW app.

“It wouldn’t be good either if every time I try to open the app, I have to jump through multiple hoops,” he said.

Mr Leow Joon Nam, 63, who is a long-time user of the DBS/POSB digibank app, supports the new security features.

The business owner, however, raised concerns about less Internet-savvy users having trouble accessing their banking apps. He said the banks will need to reach out to customers on different platforms to teach them how to disable permission settings for apps, among other things.

“Inconveniences are bound to occur, but that is better than having your life savings taken away completely,” Mr Leow added.

There were 22,339 scam cases reported from January to June 2023, according to mid-year statistics from the police, a 64.5 per cent increase from the 13,576 cases during the same period in 2022.

The Association of Banks in Singapore (ABS) and the Monetary Authority of Singapore had said that banks had been working closely with government and law-enforcement authorities to fight malware scams.

OCBC said on Sept 7 that an update of its app in August had thwarted malware scammers attempting to steal at least $2 million from more than 30 of its customers.

It added that no losses from malware had been reported by those using the updated version of its app.

Mrs Ong-Ang Ai Boon, director of ABS, said on Aug 8: “Malware scams are particularly aggressive and pose a serious threat to consumers. Malware scams are often perpetrated through apps downloaded from third-party or dubious sites.

“In general, consumers who do not take the necessary precautions will be expected to bear the losses arising from malware scams.”