Shared Responsibility Framework
If you suspect you have been a victim of a phishing scam involving your protected account, the Shared Responsibility Framework (SRF) outlines a clear process for reporting, investigation, and resolution.
Under the SRF, only certain digitally-enabled phishing scams are covered. These are scams where a fraudster pretends to be a legitimate organisation, such as a bank or government agency, and lures a person into clicking on a deceptive link and entering their account details on a fake website or digital platform. The stolen credentials are then used to make unauthorised transactions without the customer’s consent. To fall under the SRF, the scam must also have a clear connection to Singapore — for example, the impersonated entity is Singapore-based or provides services to Singapore residents. Scams not covered include those where victims willingly authorise payments (such as investment or romance scams), scams involving victims directly giving away credentials by phone or in person, and other unauthorised scams that do not involve phishing, such as hacking, identity theft or malware-related fraud.
To learn more about the Shared Responsibility Framework, please refer to the MAS website.
The following explains the 4-step operational workflow you can expect.
Overview of the 4-Step SRF Workflow
Step 1: Claim Stage – Making Your Report
· If you suspect you are a victim, contact us immediately via our in-app chatbox or email to stb@starryblu.com.
· Report the incident within 30 calendar days of receiving the transaction alert from us.
· To help us start the investigation, you must provide:
a. A valid email address for communication.
b. Supporting documents (e.g., a police report, screenshots of communications with the scammer) within 3 calendar days of your initial report.
We will assess if your claim falls under the SRF (applies to scams involving impersonation that occurred on or after 16 December 2024).
If your claim involves an SMS phishing link, we may contact your Telco (Singtel, StarHub, M1, or SIMBA).
You may request details of all the suspected transactions from your account, including dates, times, and recipient parties.
Step 2: Investigation Stage – Assessing Responsibilities
We will review whether we and/or your Telco fulfilled our respective security duties under the SRF, and the investigation will be conducted by independent review teams to ensure impartiality.
Where a scam involved an SMS, your Telco and us will investigate concurrently to see if the security obligations have been met.
Expected Investigation Timeline: Within 21 business days
For complex cases, investigation timeline will be performed within 45 business days (e.g., if involved parties are overseas).
Step 3: Outcome Stage – Receiving the Result
We will provide you with a written outcome within the above investigation timelines.
The outcome will state:
· The findings of the investigation.
· Who is responsible for the loss (based on the SRF guidelines).
· If applicable, the amount to be credited to your account.
You will be asked to acknowledge receipt of this outcome.
Step 4: Recourse Stage – If You Disagree
If you are dissatisfied with the assessment, you have options for further review.
· You may escalate your case to the Financial Industry Disputes Resolution Centre (FIDReC).
· If the dispute is with the Telco, you may write to the Infocomm Media Development Authority (IMDA).
General Note: For cases outside the SRF scope, you may still pursue civil claims or mediation through existing channels.
Important Additional Information
· The framework applies to qualifying phishing scams that occur on or after 16 December 2024.
· Only the four Mobile Network Operators – Singtel, StarHub, M1, and SIMBA – have duties under the SRF. Sub-brands (e.g., GOMO) will be covered by their parent Telco. Mobile Virtual Network Operators (MVNOs) are not covered.
· While your claim is under investigation, we will withhold or waive any charges related to the disputed transactions and will not report the non-payment to credit bureaus.
· We advise filing a police report.
This information is based on the MAS/IMDA Guidelines on the Shared Responsibility Framework. It is intended for general guidance and does not constitute legal advice.
