E-Payments: User Protection Guidelines and FAQs

It is to establish a common baseline protection for individuals or sole proprietors from losses arising from isolated unauthorised transactions or erroneous transactions from the protected accounts of these account holders.

A protected account means any payment account that

1. is held in the name of one or more persons who are either individuals or sole proprietors;
2. is capable of having a balance of more than $500 (or equivalent amount expressed in any other currency) at any one time, or is a credit facility; and
3. is capable of being used for electronic payment transactions.

For UOB customers, protected accounts would include the UOB Savings Account, Current Account, Cashplus and Credit Cards.

You shall be responsible for the following:

a) Transaction Notifications

• providing the Bank with a complete and accurate Singapore mobile phone number and email address;
• opting to receive all transaction notifications for all outgoing transactions of any amount;
• enabling transaction notification alerts on any device used to receive transaction notifications from the Bank;
• monitoring all transaction notifications;
  
  

b) Protect access codes

• do not voluntarily disclose any access code to any third party;
• do not disclose the access code in a recognisable way on any payment account, authentication device, or any container for the payment account;
• do not keep a record of any access code in a way that allows any third party to easily misuse the access code;
• If you keep a record of any access code, you should make reasonable efforts to secure the record, including keeping it in a secure location accessible or known only to account user and unlikely to be found by a third party.
  
  

c) Protect access to protected account

• Update the device’s browser such as Chrome, Safari, Internet Explorer, Firefox to the latest version available;
• Patch the device’s operating systems such as Windows operating system (OS), Macintosh OS, iOS and Android OS, with regular security updates provided by the operating system provider;
• Install and maintain the latest anti-virus software on the device, where applicable; and
  Use strong passwords, such as a mixture of letters, numbers and symbols.

You and your account users are to look out for and follow security instructions /advice provided by the Bank from time to time.

d) Report unauthorised transactions
You shall report any unauthorised transactions to the Bank as soon as practicable after the receipt of any transaction notification alert for any unauthorised transaction. Where you are unable to do so, the Bank may require you to provide reasons for the delayed report.

e) Provide information on unauthorised transaction
You shall within a reasonable time provide the Bank with all information as may be requested by the Bank in order to facilitate the Bank’s investigation of the unauthorised transaction. Such information requested may include the account affected, the date and time of the loss or misuse and the type of authentication device, access code and device used to perform the payment transaction.

f) Make police report
You shall furnish the Bank with a police report if the Bank requests for such a report to be made to facilitate its claims investigation process. The Bank may require the police report to be furnished before the Bank begins its claims investigation process.

The transaction alerts service is available to all UOB customers with a UOB Personal Savings/Current account and/or UOB Principal/Supplementary Credit Card. The alerts will be sent by SMS* or email based on the mobile phone number / email address registered with the Bank.
The type of transaction alerts to be sent will depend on the type of alerts the Account holder has selected to receive. Each transaction alert will contain information relating to the relevant transaction such as the transaction date and time and the transaction amount.
*Effective from Oct 2021, UOB will progressively move some SMS transaction alerts to email & push notifications. Click here for details.

The Bank will send the alerts to the accountholder who has performed the transaction and opted to receive the alerts. For transactions (E.g. Giro and Standing Order) that are not performed by the accountholders, the Bank will send the alerts to all accountholders.

The Bank will send the alerts to the supplementary cardholder who has performed the transaction and opted to receive the alerts. The Principal cardholder will not be notified of the transactions done by the Supplementary cardholder. For transactions done by the Principal cardholder, the Bank will send the alerts to the Principal cardholder.

Where applicable, the Bank will provide an onscreen opportunity, which will contain information relating to the relevant transaction and recipient details such as protected account to be debited, the intended transaction amount recipient’s account number or name, for you to confirm the payment transaction and the recipient credentials before the relevant payment transaction is executed by the Bank.

To update your contact details, please log on to UOB TMRW or UOB Personal Internet Banking. Alternatively, you may visit your nearest UOB branch for assistance.

If you are updating your mobile number, we will use the new mobile number to send you SMS-OTP for UOB TMRW and Personal Internet Banking, Unialerts and other transaction alert notifications.

The list of default alerts and limits set by the bank:

If you wish to opt for additional transaction alerts - Bill Payment, Recurring Instalment Payment, Nets Payment, GIRO, Standing Order, Funds Transfer (except FAST), Remittance and other banking transactions, simply log in to UOB Personal Internet Banking to subscribe. If you wish to change the notification threshold for transaction notification alerts or the mode of relevant alert, please log in to UOB Personal Internet Banking.

You will only receive alerts where the transaction amount is higher than the threshold that you have selected. If you are not alerted to unauthorised transactions below your threshold, you may not be able to report these unauthorised transactions promptly or to take steps to secure your account and prevent further losses in a timely manner. This could affect the extent to which you are liable for losses arising from the unauthorised transactions. Please take into consideration your responsibilities and liabilities under the E-payments User Protection Guidelines for unauthorised transactions, when deciding on your notification alert thresholds.

This is applicable to UOB Savings Account, Current Account, Cashplus and ATM card and not applicable to credit card and debit card and all related transactions.

1. You shall be liable for loss where the primary cause of the loss is the account user’s recklessness. Recklessness include the situation where any account user deliberately did not comply with the duties of account holders and account users in the E-Payments User Protection Guidelines. The account user is expected to provide information to the Bank to determine whether any account user was reckless. The actual loss that the account holder is liable is capped at the applicable transaction limit or daily payment limit on the protected account.
   
   
2. You shall not liable for loss if:
   
   • the loss arises from any action or omission by the Bank and does not arise from any failure by any Account user to comply with any duties of account holders and account users set out in the E-Payments User Protection Guidelines or;
   • an unauthorised transaction that does not exceed $1,000, if the loss arises from any action or omission by any third party and does not arise from any failure by any account user to comply with duties of account holders and account users set out in the E-Payments User Protection Guidelines. You will be liable for unauthorized transactions that exceed $1,000.

Please visit any one of the Bank’s branches in Singapore during usual business hours or call the Bank’s 24-hour customer service hotline to report any unauthorised or erroneous transactions as soon as practicable after the receipt of any transaction notification alert for any unauthorized or erroneous transaction. You will receive a written acknowledgement of the report and no fee will be charged by the Bank for making the report.

The Bank will complete our assessment of your claim within 21 business days upon receiving sufficient information from the account holder to complete the investigation for straightforward cases. For complex cases, this may take up to 45 business days. Complex cases may include cases where any party to the unauthorized transaction is resident overseas or where insufficient information has been provided to bank for purposes of the claims investigation. If the Bank’s assessment is that the account holder is not liable for any loss arising from the unauthorized transaction, the Bank will credit the account holder’s protected account as soon as this conclusion is reached.

The Bank will make reasonable efforts to facilitate communication between you and the recipient with the aim to improve your chances of recovering the payment amount sent through the erroneous transaction. However, the Bank may take longer to convey instructions in complex cases such as where any party to the transaction is resident overseas or where the Bank has not received sufficient information from you to convey instructions.

With effect from 30 June 2019, the following clauses in the Terms and Conditions Governing Accounts and Services (Individual Customers) will be amended:
Clause 10.3, 10.4, 10.5, 10.6, 11.5, 11.6, 12.1, 12.2 and 12.3
Please click here for the revised Terms and Conditions.