Protect Your Savings: Implementing a Three-Tier Architecture for Secure Bank Accounts


Singapore’s landscape

In today’s digital age, safeguarding our bank accounts from hackers is of utmost importance. With cyber threats becoming more sophisticated, it is essential to take proactive measures to protect our hard-earned money and savings. While governments and banks have been working to combat phishing scams, it is vital for individuals to play their part in making it harder for criminals to gain unauthorized access. In this article, we will explore the concept of the three-tier architecture and how it can be applied to bank accounts to enhance security.

Government’s Mitigation Tools

In recent months, the government and our local banks have been working to mitigate the massive SMS phishing scam campaigns targeting Singaporeans through the adoption of:

  • Full SMS Sender ID Registration.
  • Removal of URL links in the governments’ and banks’ SMS.
  • Informative campaigns warning against clicking on suspicious links.
  • ScamShield app extended to Android users (the first version was compatible with iOS only).

Unfortunately, this is still not enough, because malicious URLs and software can also arrive through phishing emails, social platform messages, QR codes in advertisements and much more.

OCBC Bank made goodwill payouts to the victims of an SMS phishing scam that was initially reported in December 2021, but not everyone is so lucky.

The IT three-tier architecture design

What can we do to slow down the criminals and make things harder for them?

In IT security best practices, the three-tier architecture separates the servers into three functional layers. Each layer manages a specific type of traffic, with the presentation-tier the most exposed to external threats and the data-tier the most isolated and protected.

The application-tier, also known as the middle-tier, is the brain: the servers in this layer retrieve the data from the database and process it before handing the information over to the presentation-tier servers.

We can adopt the three-tier architecture for our bank accounts too.

We are aiming to improve the security measures that protect our money by making it harder for a hacker to reach our lifetime savings.

The purpose of adopting a three-tier architecture for bank accounts is to slow down an attacker and give us sufficient time for detection and response.

The three-tier bank accounts architecture

Here is how we can do it:

1. Daily-tier Bank Account

In this bank account we put the amount of cash we need for the month plus the minimum deposit to avoid paying the monthly fee.

We may have a credit card issued from this bank to be used for daily purchases and online shopping.

The PayNow function identified by our mobile number should be connected to this bank account.

This is the most vulnerable account due to its exposure to daily and online use.

A POSB savings account is suggested because the average minimum deposit is 500 SGD daily.

If the attackers are able to gain access, they will find limited money to withdraw from.

2. Payment-tier Bank Account

In this bank account we put the amount of money we need for the monthly expenses plus the minimum deposit to avoid paying the monthly fee.

In this account we do all the digital operations, such as payments for credit cards, insurance, loans, rent and more.

We will transfer from this account the money required for the daily-tier bank account.

We may have a credit card issued from this bank for special payments.

This credit card should NOT be used for online purchases to avoid having its details stored online by any app.

The PayNow function identified by our IC number should be connected to this bank account.

This is the second most vulnerable account, because of the payments and transfers of funds, and the most dynamic one.

Select a bank with the best digital platform app and security features in place, one that is user-friendly.

If the attackers are able to gain access, they will still find limited money to withdraw from.

3. Savings-tier Bank account

In this bank account we have our lifetime savings.

The incoming money will be from our salary or pension.

The only exit of funds must be to the Payment-tier bank account where we transfer the required amount only when needed.

This must be the most isolated account.

No credit or debit cards must be used for this account.

Select a bank with a complex digital platform and security features.

Complex means not easy to crack or to reset the password (many combination factors and length requirements), a complicated account number, and not digitally user-friendly.

This aspect will impact the hackers’ actions too and will slow them down.
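The rules of the three tiers can be written down as an allow-list and checked against an exported transaction history, which is one way to get the detection time the scheme is meant to buy. The Python below is an added example, not part of the original article; the channel names, the balance caps and the sample rows are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

DAILY, PAYMENT, SAVINGS, EXTERNAL = "daily", "payment", "savings", "external"
# Outbound flows per tier, as read from the article.
ALLOWED_OUT = {DAILY: {EXTERNAL}, PAYMENT: {EXTERNAL, DAILY}, SAVINGS: {PAYMENT}}
# Channels per tier: no card on savings, payment-tier card never used online.
ALLOWED_CHANNELS = {
    DAILY: {"transfer", "card", "card_online", "paynow"},
    PAYMENT: {"transfer", "card", "paynow"},
    SAVINGS: {"transfer"},
}
# Assumed caps (SGD) on what the two exposed tiers may hold at any time.
BALANCE_CAP = {DAILY: 1500.0, PAYMENT: 4000.0}

@dataclass
class Txn:
    src: str
    dst: str
    channel: str
    amount: float

def audit(txns, opening=None):
    """Return (index, reason) for each transaction that breaks the tier rules."""
    balance = defaultdict(float, opening or {})
    findings = []
    for i, t in enumerate(txns):
        if t.src != EXTERNAL:  # inbound salary or pension is not restricted
            if t.dst not in ALLOWED_OUT[t.src]:
                findings.append((i, f"{t.src} -> {t.dst} is not an allowed flow"))
            elif t.channel not in ALLOWED_CHANNELS[t.src]:
                findings.append((i, f"{t.channel} not allowed on {t.src} tier"))
        balance[t.src] -= t.amount
        balance[t.dst] += t.amount
        cap = BALANCE_CAP.get(t.dst)
        if cap is not None and balance[t.dst] > cap:
            findings.append((i, f"{t.dst} tier holds {balance[t.dst]:.0f}, cap {cap:.0f}"))
    return findings

# Constructed sample export, oldest first.
SAMPLE = [
    Txn(EXTERNAL, SAVINGS, "transfer", 6000.0),    # salary
    Txn(SAVINGS, PAYMENT, "transfer", 3000.0),     # monthly funding
    Txn(PAYMENT, DAILY, "transfer", 1000.0),       # daily-tier top-up
    Txn(DAILY, EXTERNAL, "card_online", 80.0),     # online shopping
    Txn(PAYMENT, EXTERNAL, "card_online", 120.0),  # payment card used online
    Txn(PAYMENT, DAILY, "transfer", 900.0),        # over-funding the daily tier
    Txn(SAVINGS, EXTERNAL, "transfer", 2500.0),    # savings leaving directly
]
```

Calling `audit(SAMPLE)` flags the last three rows: the payment-tier card used online, the daily tier holding more than its cap, and money leaving the savings tier without passing through the payment tier.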

Final thoughts

With the adoption of three-tier bank accounts, we should have enough time to detect the criminal’s whereabouts in case of an attack, and adopt the appropriate countermeasures.

If you want to know more about “how to respond under attack?”, click here to read my other article.

You may start gradually by adopting a two-tier approach, or you may want to have more bank accounts per tier.

This article is to give you an idea of what you can do in Singapore to protect your savings and how to avoid easily becoming the next victim.

I hope you found this article useful. If so, please share it with others or explain the steps to the people you care about, because we can make the difference.

“Knowledge is Power but without Actions is useless.”

Roby Osamu
