Development Bank of Singapore is blaming inadequate controls at consumer PCs for the recent incident in which a Chinese computer hacker broke into 21 DBS Internet bank accounts and escaped with a S$62,000 cash haul.
DBS Bank, Singapore's largest with 370,000 Internet banking customers, discovered the fraud only after a customer complained about missing funds. By this time, the hacker had transferred the money to his own account, withdrew the cash at a local branch and fled to Malaysia.
DBS insists that its own Internet system was not breached during the incident. Instead, says the bank, the hacker attacked customer PCs to capture PINs and IDs which were then used to make fraudulent transfers.
The incident has sparked a review of the Singapore Monetary Authority's (MAS) guidelines for Internet banking, initially drawn up last year after a similar security breach at Overseas Union Bank.
In a written reply to Parliamentary questioning of the soundness of banking via the Internet, the MAS states: "The safety of online banking is dependent on the security systems of the bank and the precaution customers take to safeguard their User ID and PIN, as well as protecting the PCs they use. For example, customers should install firewall and anti-virus software on their PCs to block out hackers, and log off their computers when not in use."
The watchdog is calling for stiffer penalties for computer hackers and says it will conduct a review of risk management guidelines in consultation with the industry.
DBS has refunded the customers involved, but warns that it may not accept liability for any future attacks which target inadequately protected consumer PCs.