When somebody bad happens, it’s human nature to assign blame. In the recent spate of scams involving OCBC in which people have lost their entire life savings, the knee jerk reaction’s been to blame the OCBC scams on the bank itself.
Should we though?
Let’s take a step back and think it through.
The scammers who fool OCBC’s customers aren’t affiliated with the bank in anyway. They’re immoral thieves who are out to make a quick buck, and screw over anybody in their way. Doesn’t matter if you’re young or old, rich or poor, they just want your cash.
Undeniably, these are the assholes to blame.
These assholes however, are not within reach for the moment. It’ll take weeks (perhaps months or even years) to track down their ill gotten gains and even then, chances are the authorities might not even get the persons responsible.
That just leaves OCBC holding the bag, and unfortunately the bank’s an easy target to blame.
It’s a faceless corporation that has billions (maybe even trillions) in its coffers. How can such a huge entity allow something to happen to its customers, who depend on it to keep their money safe?
It’s a breach of trust…despite the fact that it was the customer that actually initiated the methods that allowed the scammers to worm their way into OCBC’s systems.
After all, without the customer details (passwords and other essential info) that the customers themselves unknowingly provided, there would’ve been no way for the scammers to gain access to their accounts.
Morally, there’s no grey area here at all. You reap what you sow, even if it’s unknowingly done.
That however, shouldn’t absolve OCBC of any responsibilities.
Rather, it’s the whole banking industry that shouldn’t be absolved. OCBC merely followed accepted security regulations; the usage of a digital token, OTP and various other generic authentication methods that have been adopted by nearly all local banks.
That’s where the issue lies.
There needs to be a refinement to the authentication process. A more focused and granular approached tailored for each individual instead of a catch all security process.
For the elderly, perhaps a more hands-on approach, with personalized calls from the bank to reconfirm what needs to be done with them. For the tech savvy among us, perhaps a short live chat through the bank’s app, with a live person confirming the transaction.
The fact of the matter is all these scams could’ve been avoided if there was a live person interaction integrated somewhere into the chain. That person can easily verify any transaction and if found to be fraudulent, shut it down.
With the rush to automate everything, perhaps banks need to take a step back and instead focusing on adding back in a human touch to stop scams. The OCBC scams have shown un that there are holes that need to be patched.
It’s not going to be foolproof or cost-effective (which is ultimately the bottom line of all corporations), but wouldn’t it be better than what we have now?