Additional measures to protect our Corporate and SME customers against phishing scams
1. How is DBS protecting me as a corporate/business customer?

Our customers’ safety when banking online remains our top priority. As part of our multi-layered defence against fraud, we:

  • Use secure technology and protocols to ensure our customers’ information and money are safe, whenever they bank online. For example, we employ multi-factor authentication when our customers perform online transactions.
  • Have a dedicated anti-scam team with round-the-clock response capabilities, established to carry out intervention work, monitor and review fraud alerts. The team includes full-time personnel stationed at the Singapore Police Force’s anti-scam centre to ensure timely freezing of any suspicious/compromised accounts.
  • Carry out transaction screening with our advanced monitoring and surveillance systems, which help us to detect unauthorised activities on customer accounts. This allows us, to detect distinct changes in user behavioural patterns; cross-reference unusual account changes; as well as screen unusual transfers and block flagged transfers.

We will continue to work closely with MAS, the Singapore Police Force, Infocomm Media Development Authority (IMDA) and other regulatory bodies to deal with this scourge of scams. This includes exploring more permanent solutions to combat SMS spoofing.

However, fraud prevention is a community effort. We encourage our clients to remain vigilant and help educate their employees and staff on scam awareness. We would like to remind our customers to remain vigilant and proactively take precautionary measures to protect their credentials and devices.
 

2. What can I do to protect my business?

It is important that our customers remain vigilant as scammers are quick to adapt in targeting unsuspecting consumers. To avoid falling for online banking scams, customers must:

  • Never click on links provided in unsolicited SMSes
  • Verify unsolicited SMSes or emails received by calling the bank directly on the hotline listed on its official website;
  • Always check that you are at the bank’s official website before making any transactions, or transact through the bank’s official mobile application;
  • Never divulge internet banking credentials or passwords to anyone; and
  • Secure your device with a strong password, PIN or a relevant mechanism to prevent unauthorised use.
  • TIP: A strong password is one that is difficult to guess and contains a mix of letters, numbers or symbols. You can use this on top of your device’s biometric security feature (if available).
  • Avoid providing your account details (such as passwords and PIN) to third-party financial aggregator applications as these applications may not be secure.
  • Avoid registering other people’s biometrics such as facial or fingerprint registration on your devices if you use biometrics to access DBS applications.
  • Use a different PIN or password for web-based services such as email, online shopping or subscription services
  • Closely monitor transaction notifications so that any unauthorised payments are reported as soon as possible to increase the chances of recovery.
     
3. Are there any additional step(s) taken by DBS to safeguard corporate customers against the potential integration between phishing sites and customer bank accounts?

Our approach to integrate with external platforms, such as accounting platforms/marketplaces, is strictly controlled with internal due diligence and we do not provide any integration services to third party sites that are not fully validated by our internal teams. Users availing banking services through these external platforms / marketplaces will also need to provision the banking services using their existing credentials and security protocols.

Please be assured that your deposits and monies are safe and secure.

4. How can I differentiate a scam SMS from an official one from the bank?

We will only send essential SMSes, and these SMS notifications will not include clickable links. Alerts in the form of push notifications continue to appear only via the DBS IDEAL mobile app.

If you are unsure of any messages you’ve received, access your bank account via the official banking or payment app, or key in the bank’s URL directly into the browser.

Alternatively, you may call BusinessCare Hotline at 1800 222 2200 / +65 6222 2200 (overseas), Monday to Friday, 8.30am to 8.30pm (excluding Public Holidays).

5. Why is corporate banking allowing links in emails?

While MAS’ guidelines do not prohibit the inclusion of links in emails to corporate customers, we will ensure that only useful links that enhance your customer experience will be included in our mailers going forward.

We urge all customers to continue remaining vigilant when performing any banking transaction online, including checking and verifying the sender’s identify before clicking on any link. 

If you’re unsure of any emails you’ve received from us, you may call 1800 222 2200 / +65 6222 2200 (overseas) and we’d be happy to assist. We have also put in place additional safety measures to protect you from phishing scams – please refer to the document below.

6. Is there a way for me to be notified for transaction on IDEAL?

Notification alerts will be sent following each transaction by default. These alerts are sent both on SMS and Email. You may turn off the alerts in settings for one of the two channels but not for both. This feature is provided for the added safety and security of our customers. 

7. Can I change my Notification thresholds?

There will be no threshold limit. Notification alerts will be sent regardless of transaction amount.

8. What happens when a fraudster attempts to change the mobile number and/or email address? Will I receive a notification?

Following any request by customers to change their mobile number and/or email address, notifications will be sent to both old and new mobile number and/or email address.

9. Is Digital Token still safe?

Yes, the Digital Token is built with global security standards as part of our multi-layered authentication (e.g. phone lock, banking User ID and PIN) to give you peace of mind.

10. Can I still use my physical token?

Today, the vast majority of our customers are using digital tokens although customers can request for a physical token on a case-by-case basis.

11. Is there a cooling period between digital token set up and activation to prevent fraud ?

While there is no cooling period enforced for corporate customers, there is sufficient levels of control like multi factor authentication, multi levels of approval for making payments, transaction signing and “mchallenge“ (SMS security token on DBS IDEAL) for approving payments and post authorisation alerts.

12. How will the bank prevent further outflow of my funds?

Upon suspected compromise of user account, access to DBS IDEAL will be revoked to prevent any transaction authorisation via DBS IDEAL. 

13. Do you have dedicated support lines for assistance to deal with fraud cases?

Corporate customers can call our BusinessCare Hotline at 1800 222 2200 / +65 6222 2200 (overseas), 8.30am to 8.30pm Monday to Friday (excluding Public Holidays) under Option 1 to report fraud.

Alternatively, customers may send an email to  [email protected] and we will respond on the next day.

Customers who visit the branch for any fraud reporting, will be attended to by a branch manager without needing to queue.

14. How can I check for the latest updates on scams?

We provide information about new scams here. We will also update advisory and tips on how to safeguard against them.

The latest updates will also be featured upon logging in to DBS IDEAL and will be available in push notifications on the DBS IDEAL mobile app by mid-February 2022.

A list of security features of IDEAL is also available for reference here