Over the past five years, Singapore has seen a rise in fraudulent activities targeting financial services institutions (FSIs). Incidents range from money mules exploiting Singpass credentials to open accounts with over $1.28 million from scam victims in June 2024, to the OCBC scam where 800 customers lost $13.7 million.
Trust has become an increasingly critical asset for Singapore’s FSIs as they strive to meet evolving customer expectations and regulatory standards. The Shared Responsibility Framework is now holding Singapore banks more accountable for losses from digital phishing scams. At the same time, the expanded scope of the Cybersecurity Act will require FSIs to report a broader range of incidents, including those affecting third-party vendors.
Amid rising fears of virtual crimes, how can FSIs—whether traditional banks, fintech startups, or insurance firms—in Singapore and the region enhance trust by balancing security with user experience?
Navigating FSIs’ security challenges
FSIs encounter several critical "moments of truth" in authentication and security. These include onboarding, log-ins and re-authentication, financial transactions, and identity management. Each stage presents unique goals and challenges. While users can tolerate some level of security friction, excessive delays—especially if verification exceeds 15 seconds—can lead to significant registration drop-offs.
Newer fintech platforms often prioritise rapid growth, sometimes at the expense of security during customer onboarding. This is a delicate balance, as platforms have a brief window to engage users while identifying and mitigating risks like the creation of fake accounts by malicious actors. FSIs must also remain vigilant against account takeovers—a form of fraud where attackers gain control of online accounts. This often involves using stolen credentials or creating synthetic identities to circumvent security measures. Leveraging a robust, multichannel verification system optimised for scale is one way to mitigate this.
See also: Ransomware still reigns while AI opens new cybersecurity front
Building a foundation of trust
Another priority of FSIs today is delivering hyperpersonalised experiences that are consistent across touchpoints and adapt quickly to dynamic customer behaviours, all while still maintaining compliance. To that end, they can consider exploring a few strategies, technologies or even partnerships.
First, enforce validation and formatting standards to streamline operations and enhance customer satisfaction. Verifying phone numbers and converting them from national to global E.164 (or the international telephone numbering plan) supports both usability and compliance requirements in FSIs.
See also: Identity fraud costs businesses an average of US$7 million annually
Beyond formatting standards, organisations in the industry can benefit from carrier network-based user authentication, which uses mobile network technology to provide strong authentication for increased security and improved user experiences. For example, Endowus, Asia’s leading digital wealth advisory platform, leverages Twilio Verify to secure critical actions like logins and withdrawals with SMS and WhatsApp one-time passwords (OTPs). Since implementation, Endowus has achieved a 96% verify conversion rate overall, reflecting minimal friction in the verification process.
Real-time carrier data on SIM swap history can help customers prevent SIM swap or number port attacks, where fraudsters intercept SMS codes for high-value accounts. This method offers OTP PIN-hijacking resistance, delivering seamless verification without user friction. Understanding when users forward calls to potentially fraudulent devices can reduce erroneously delivered OTP messages, improving conversion rates.
Sometimes, the OTP process can push user tolerance too far. Offering alternative methods can enhance user experience and increase conversion. Moving away from traditional SMS OTPs can improve security and reduce authentication time. It is reassuring to see that major banks in Singapore and around the region are already phasing out OTPs in favour of digital tokens to strengthen security for bank logins. While SMS OTP was not designed for security, it remains a fallback or initial registration method before transitioning to advanced digital solutions such as cryptographic solutions which are much stronger and less prone to security breaches.
The imperative to balance speed with security
FSIs must prioritise security while ensuring a seamless user experience to stay ahead in the evolving landscape. They need to ensure that added friction doesn't prevent users from achieving their goals, such as signing up for services or completing transactions. According to Twilio’s 2024 State of Customer Engagement Report, 47% of businesses surveyed in Singapore identify balancing security and customer experience as their primary challenge, while 41% prioritise simplifying signup and login processes to boost engagement.
Ultimately, treating customers as individuals and minimising repetitive data entry fosters meaningful interactions. The future of authentication will span all channels, so FSIs that allow customers to choose their preferred channel can boost usability and conversion rates. Customers benefit from peace of mind, knowing their data is secure. Streamlined authentication processes save time and offer greater convenience.
FSIs that intentionally safeguard information while maintaining the right amount of friction to deter bad actors will foster mutual trust, key to cultivating long-term customer relationships.
Billy Chan is the director for Asia of the Communications Business at Twilio
