Source: Monetary Authority of Singapore
Parliamentary Question: To ask the Prime Minister with regard to the interruption to NETS services on 2 February 2018 due to "inadvertent human error" during system maintenance (a) whether MAS has identified root causes which predispose the system to human error; and (b) what measures MAS is taking to ensure reliability of cashless transaction providers with significant market share where interruptions can significantly impact businesses and end users.
Answer by Mr Tharman Shanmugaratnam, Deputy Prime Minister and Minister in charge of MAS:
1. Following the EFTPOS outage, NETS has conducted their investigations. The investigations have established that the outage happened because while preparing for a planned system change activity, a system administrator inadvertently executed a command that abruptly terminated a communications module which is required for connectivity to the banks. In other words, it is due to a human error.
2. MAS takes very seriously the reliability of our payments infrastructure as it forms a critical part of our financial system and economy.
3. Payment systems that are considered important for financial stability or for public confidence are designated under the Payment Systems (Oversight) Act as Designated Payment Systems (“DPS”). Examples include Singapore Dollar Cheque Clearing, Inter-bank GIRO, Fast And Secure Transfers (“FAST”), and the NETS Electronic Funds Transfer at Point Of Sale (“EFTPOS”).
4. All DPS operators have to adhere to MAS’ requirements on recoverability and reliability. DPS operators have to ensure that the systems are able to resume operations within four hours following any disruption. DPS operators are also restricted to a maximum downtime of no more than four hours across a period of 12 months.
5. In this case, NETS EFTPOS has not breached our regulatory standards. NETS was prompt in notifying the public about the outage, providing updates, and most EFTPOS’ services were recovered in about one-and-a-half hours. NETS EFTPOS has not experienced a similar outage since being designated as a DPS in 2010.
6. Notwithstanding, we need to learn from this episode and ensure that similar incidences will not happen in future. MAS has instructed NETS to appoint an independent consultant to determine how controls could be enhanced to minimise the chances of human errors, and to mitigate the consequences if an error does occur.
7. In the interim, NETS has scheduled all system administrator access to off-peak hours and tightened controls over system administrator IDs. Together, this should prevent a similar incident from happening.
8. MAS will closely monitor NETS’ remediation of the identified gaps and issue supervisory directives to NETS as needed. Separately, recognizing that no payment system is infallible, it is important to ensure that alternative payment methods are in place. During the NETS EFTPOS incident, many affected consumers were able to switch to other electronic payment instruments such as debit or credit cards, as well as stored value facilities such as transport cards and e-wallets.