Very few things have ever left me underwhelmed about Singapore but there's one that stands out - what is quite paradoxical for a country that prides itself in its financial services.
Local banks are useless.
This seems to be a disease of developed countries, as my experience has been similar in Western Europe or Japan.
Where I come from – you know, the post-communist dark corner of Eastern Europe – we had full internet banks more than 20 years ago. I've been able to access my accounts on one of the first generation smartphones while abroad, when Dutch ING required you to use Internet Explorer and download special software + obtain a token to do any banking at all.
My experience in SG has been similar – local banks are not in the same age as their users. I don't know if it's entrenched bureaucracy or the fact that they are governed by out of touch oldtimers, insulated from reality by layers of useless, lazy bureaucrats.
The reality is, however, that the bureaucracy, customer service as well as functionality and reliability of their online services are absolutely appalling for a developed country.
It is, therefore, no surprise that when hackers found an easy way to spoof senderId on the SMS messages, for them to land in the same stream of notifications as the bank's and later proceeded to wipe clean someone's account with foreign transfers - it raised zero red flags.
Naturally, since nobody seems to have anticipated it, the customer service was predictably just as useless as the bank's safeguards.
Which, again is not a surprise in case of OCBC, given that its very own representatives took two weeks to get back to me about opening an account 2 years ago. If they don't care about onboarding clients why would they care about solving a problem they themselves have allowed to happen in the first place? (Naturally, by the time they called me I'd already had one opened in a competing bank, which has proved just a tiny bit less useless.)
There's absolutely ZERO excuse for the bank not recognizing multiple foreign transfers, cleaning someone's account out completely, as a red flag.
This sort of security negligence is not only an example of shocking incompetence but I would call it borderline criminal in this day and age. Tens or hundreds of thousands of dollars go out of someone's account to random destinations abroad, leaving a balance of a round $0 and all the bank is able to do is shrug its shoulders?
All executives responsible for technology and security in the bank should be immediately fired. This is absolutely unacceptable in the digital era.Oddly enough, I recently had an interesting experience myself, having made a substantial online purchase with a Singaporean card in Poland.
The transaction was put on hold for verification – but not by the bank (DBS in this case) but... by the Polish payment gateway.
There's a greater care for fraud screening among payment processors abroad than there is in Singaporean banks for their very own customers.
Which, given their antiquated mobile and online services, is not a surprise at all.
It's one thing to allow yourself to get duped by some ridiculous fake Viber call and give someone on the other side an OTP – it's your fault for being gullible.
But banks must accept responsibility for screening, flagging and verifying suspicious transactions - particularly large, outgoing foreign transfers to accounts that have never been used before.
A toddler could come up with these conditional fraud filters.
And, perhaps this is who the local banks should start employing, because by the looks of things they are not run by people who understand the current century.