E-Payments User Protection Guidelines

The Monetary Authority of Singapore (“MAS”) issued the E-Payments User Protection Guidelines (dated: 31-Jan-2019) with an aim to establish a common baseline protection offered by responsible financial institutions on a business-as-usual basis to individuals or sole proprietors from losses arising from isolated unauthorised transactions or erroneous transactions from the protected accounts of these account holders. 


The user protection guidelines stated below also cover various other cyber security threats and their countermeasures to protect FlexM users from cyber attacks. 

 

If you are an individual or sole proprietor holding a payment account, please take note of the following:


  1. Cyber Security Guidelines 



Do’s 

Don’ts 

Internet Usage

  • Configure your home internet router with appropriate security settings.


  • Browse securely by using our official website or applications.


  • Log out of the site/Application when not in use.


  • Create unique passwords for eWallet applications/Financial Transactions that are different from those used on your social networking sites.

  • Do not share your home WiFi access code & password with others.


  • Do not connect to public networks that are not secured/encrypted.


  • Do not save your User Name and Password in the browser.


  • Do not search for customer care contact details on search engines. These are often camouflaged by fraudsters.


Device Security

  • Always use the Apple store/Playstore to install FlexM products.


  • Always log out of the application, when not in use.


  • Disable option  “File and Printer sharing.


  • Latest version of the web browser must be used on all your devices.


  • Device operating systems must be updated with the latest security updates provided by the Operating System provider.


  • Strong password with a combination of letters, symbols and numbers must be used for your Device.


  • Keep record of access code in a secured way, either in an electronic format or in any physical location undisclosed to others.  

  • Do not store your user name and password on your phone.


  • Do not use a jail-broken device to access FlexM products.


  • Do not disclose any access code (e.g. OTP, device passcode, password) to any third party.


  • Do not leave your device unlocked.


  • Do not install unknown applications or software.


Malware Protection

  • Avoid downloading files from unknown sources.


  • Install a strong anti-virus/anti-malware protection on all your devices.


  • Delete all junk emails and chain emails. 

  • Do not use unsecured or public networks to access FlexM applications.


  • Do not click any links provided in the email or download any contents from such emails.


Phishing/Vishing Protection

  • Exercise caution on unsolicited phone calls, emails, SMS.


  • If the caller/SMS/Email is suspicious, notify FlexM immediately to the contact details listed in our website.


  • Do not give your personal information to the person requesting the information on Phone/SMS/Email.


  • Do not click unknown links and delete the SMS / email immediately to avoid

accessing them in future.


Social Media Platforms


  • Restrict access to your profile information on Social Media sites to friends & families only.


  • Always verify genuineness of fund requests with friends / relatives or confirm by a phone call / physical meeting to be sure that their profile is not impersonated.



  • Do not share personal information details such as DoB, Full Name, phone number, address etc 


  • Do not disclose Email ID details on the untrusted websites as this can result in phishing attempts and spams.


SIM Replacement Fraud

  • Contact your Mobile Phone Service provider if your outgoing/incoming call & SMS services are disabled or when your phone displays the message 

“SIM not registered” or something similar.


  • Use Password or Pattern to secure your Mobile Devices.

  • Do not share credentials pertaining to your SIM card.

QR Scan Scam

  • Be cautious while scanning any QR codes using payment apps. QR codes have embedded

account details in them to transfer the amount to a particular account.




  1. Transaction Alerts


Your mobile number and/or email ID used for activating your FlexM ewallet account is your registered Phone number/Email ID, to which all the outgoing transactional notifications will be sent by FlexM.  Make sure your correct contact details are updated to your ewallet account, so you can receive updates on all outgoing transactions


You must also enable your devices for receiving such outgoing transactional notifications for your monitoring. If you notice any fraudulent transactions in your ewallet account that you haven’t authorized, notify us immediately. 


3. Notifying un-authorized transactions


Any suspicious transaction or un-authorised transaction identified by you on the basis of transactional alert monitoring or by other means, must be notified immediately to FlexM by using any one of our reporting channels. Our customer service representatives will acknowledge receipt of your report by providing you with a reference number for the report recorded with us. 


Any delay in notifying us would be considered as gross negligence from your side, unless there is a proper justification provided. 


During our investigation, we may request from you, for more information regarding the un-authorised transaction(s) reported, which must be provided by you in a timely manner. Further, a police report may also be requested from you. 


4. Liabilities 


Any losses arising due to protected account-holder’s negligence, which includes non-adhering to the user protection guidelines will be the liability of the account holder. 


5. Relevant Links


Please note that the information stated above is not intended to be exhaustive, and as the Guidelines have an impact on your obligations, duties, and liability, we strongly urge you to visit the MAS link for more information: