Ms He Ting Ru asked the Prime Minister and Minister for Finance (a) what specific security measures and safeguards are required of banks before they can offer digital banking services to minors under 16 years old; (b) how do these measures differ from the requirements for adult accounts; and (c) what remediation processes must banks have in place for unauthorised transactions involving minor-operated accounts.
Ms He Ting Ru asked the Prime Minister and Minister for Finance (a) whether the existing fraud protection frameworks fully cover losses from unauthorised transactions in child-operated bank accounts; (b) where a minor’s bank account credentials are compromised, who bears ultimate liability between the bank, parents and the minor; and (c) what is the prescribed timeline for banks to investigate and resolve such cases.
Mr Gan Kim Yong (for the Prime Minister): Bank accounts for children under 16 years old can only be opened by parents on their child’s behalf. This applies to both joint accounts between parent and child, and accounts in the child’s name only.
For joint accounts, the parent, as joint account holder, is able to control and operate the account.
For children’s sole name accounts, banks have set significantly lower default daily transaction limits of $50 to $100, which can be lowered by the parent. This is part of the additional functions that banks provide to facilitate parental supervision. For instance, parents can also view their child’s transactions via Internet or mobile banking and will receive real-time notifications on outgoing transactions and high-risk activities, such as changes to transaction limits or personal particulars, to alert them of unusual transactions and account activities.
Ultimately, parents determine whether and when to open or close an account for their child, how much funds they wish to place into the account at account opening, and the appropriate daily transaction limit to set for the account. This recognises that parents are responsible for their child’s usage of the account and best placed to supervise their child’s access to digital banking services. Such accounts provide the parent an opportunity to closely supervise his or her child’s management of a bank account, before the child reaches 16 years of age and obtains a sole name account that they manage independently.
All bank accounts, including accounts of customers below 16 years old, are subject to security measures put in place by banks to safeguard against unauthorised transactions1. In addition to real-time notification alerts, banks also provide a kill switch which can be activated by either the parent or the child to block all online payment transactions from the account where needed.
Banks are expected to follow up promptly when they receive a report of a fraudulent transaction on the account from either the parent or the child. The Shared Responsibility Framework, which assigns relevant duties for financial institutions and telecommunications companies to mitigate phishing scams, would similarly apply to accounts operated by minors. Should banks breach any duties under the framework, they would be expected to provide payouts to affected scam victims, regardless of the account holder’s age. Otherwise, banks may also consider making payouts under their goodwill frameworks, taking into account specific circumstances of each case.
The investigation timelines are also the same. Banks are expected to complete investigations of cases involving unauthorised transactions within 21 business days for standard cases, or 45 business days if the case is complex.
Prime Minister’s Office
12 November 2024
https://sprs.parl.gov.sg/search/#/sprs3topic?reportid=written-answer-na-18301
Office of the Leader of the Opposition 