There were also calls for more scam variants, such as malware-enabled scams, to be covered under the framework.
In response, the authorities said they would maintain the current focus on a “defined scope of phishing scams where the corresponding duties for financial institutions and telcos can be clearly set out”.
They added that the government will continue to work with banks and others in the ecosystem to put in place measures to mitigate the risk of other scams, including by “holding ecosystem players accountable where necessary”.
“While this is being worked out, banks have taken a more forward-leaning approach towards assessing goodwill payments for customers affected by malware scams,” they said.
On calls for the framework to include more entities such as messaging platforms and social media platforms, MAS and IMDA maintained the focus on banks and telcos given the influence and responsibilities that these entities have over the security of digital banking and SMS channels.
But the government takes on “a whole ecosystem approach” in combatting scams, such as urging social media firms to do more to fight scams.
The Online Criminal Harms Act also allows the government to issue directions to online service providers, entities or individuals to disable access to online criminal content or accounts, including scams, they added.
The shared-responsibility framework “will operate as part of the broader suite of upstream and downstream” anti-scam measures taken on by the government and businesses, the authorities said.
The MAS, for instance, is studying the feasibility of “stronger, out-of-band authentication solutions”, such as the use of Fast IDentity Online (FIDO)-compliant tokens to enhance defences against unauthorised phishing transactions.
IMDA said it has and will continue to work closely with the telcos. Measures such as the mandatory SMS Sender ID Registry and anti-scam filter have resulted in over 20 million SMSes being blocked since 2023.
