About Shared Responsibility Framework (SRF)

Digital scams are evolving rapidly, causing financial losses and undermining trust in online banking. To strengthen protections and promote shared accountability, Monetary Authority of Singapore and Infocomm Media Development Authority have introduced the Shared Responsibility Framework (SRF).

Starting from 16 December, this framework clarifies how banks like us and customers like you can work together to prevent and address phishing scams together.

The Shared Responsibility Framework applies to scams that exploit a three-step process:

The Trick	The Trap	The Theft
Scammer impersonates a legitimate entity that offers services to Singapore residents (e.g. government organisations, banks).	Customer clicks on link provided by the scammer through digital messaging platform (e.g. SMS) and enters his account credentials onto the fabricated digital platform (e.g. fake website).	Scammer uses customer’s account credentials to take over his account and perform unauthorised transaction(s).

Frequently Asked Questions

What types of accounts does the SRF cover?

The SRF applies to protected accounts. These are Personal Banking accounts (e.g. SAYE account, Multiplier account, PayLah!) that can be used for electronic payment transactions.

What should I do if I suspect I am a victim of a scam?

Contact your bank immediately through their official channels (not links received in suspicious messages). Report the incident and provide all relevant information, including any communication with the scammer, police report, and transaction details.

Responsible Financial Institution (RFI) and Responsible Telco Responsibilities

What are the responsibilities of my bank (Responsible FI) under the SRF?

At DBS, we maintain robust security measures to protect your accounts. Our responsibilities under the SRF are crucial in determining the sharing of responsibility for losses from seemingly authorised transactions. Specifically:

Cooling-off Period: We enforce a minimum 12-hour cooling-off period after security token activation or logins from new devices, restricting high-risk activities (adding payees, increasing limits, disabling notifications, changing contact info).
Real-time Alerts for High-Risk Activities: We provide real-time alerts for all high-risk activities (adding payees, increasing limits, updating particulars, disabling alerts) as defined in the SRF.
Real-time Outgoing Transaction Notifications: We provide real-time notifications for all outgoing transactions.
24/7 Reporting Channel and Safety Switch: We offer a 24/7 reporting channel, including a "Safety Switch" – a self-service feature allowing you to promptly block mobile and online access to your account if you suspect you are a victim of a scam. For all scam report, please call our fraud hotline at 1800 339 6963 or (65) 6339 6963 from overseas.
Enhanced Real-time fraud surveillance (effective 16 June 2025): We will progressively enhance our round-the-clock monitoring system to better detect and mitigate cases of consumers’ accounts having material sums being rapidly wiped out by unauthorised transactions in a phishing scam. You may experience some delays or additional security checks as a result, but we assure you this is a necessary step to enhance your online safety.

DBS will bear the losses resulting from our failure to comply with the SRF duties.

What are the responsibilities of my telecommunication company (Responsible Telco) under the SRF?

Connect only to authorised aggregators^# for delivery of Sender ID SMS: Telcos should only deliver Sender ID SMS to their subscribers if it is received from approved sources.
Block Sender ID SMS from non-authorised aggregators: Telcos should block Sender ID SMS from unapproved sources.
Implement anti-scam filter: Telcos should filter and block SMS containing malicious URLs that match those in a database designated for Telcos to refer to.

^#Authorised aggregators are licensed by IMDA to send SMS that bears a Sender ID with an alphanumeric sender ID, or a short code registered with the Singapore SMS Sender ID Registry. The list of authorised aggregators can be found on SGNIC’s website at https://sgnic.sg/smsregistry/list-of-participating-aggregators.

How will the responsibility for losses be determined?

If a loss occurs due to a seemingly authorised transaction, DBS, along with your telecommunications company (if applicable), will conduct an investigation to determine if all our responsibilities under the SRF were met. Based on this investigation, we will determine who will bear the loss. DBS is committed to fulfilling our obligations. If the investigation shows we failed to meet our responsibilities, DBS will cover the loss. If the investigation determines that DBS acted in accordance with our duties, then the responsibility for the loss will be assessed according to the SRF guidelines.

What are other ways I can use to protect my money from scammers?

There are various security features and tools you can use to strengthen your account security.

Update your contact details: Ensure you receive timely alerts from us by updating your contact details to stay informed and protected.
Lock your money with digiVault: Just as a lock protects your valuables, digiVault protects your money by preventing scammers from performing unauthorised transactions.
Complete your Security Checkup: Spend a minute on your digibank app to complete your recommended security actions and strengthen your banking defences.
Review your transfer limits: Protect your account from large, unauthorised transactions by reviewing and adjusting your transaction limits.

Was this information useful?