Credit Card Fraud Protection in Singapore: What You're Actually Liable For

You open your banking app and there it is: a charge you do not recognise, made in a country you have never been to. Your stomach drops. Here is the reassuring part. In Singapore, a credit card is one of the better-protected ways to pay, and the rules on who foots the bill for fraud lean more in your favour than most people assume. This guide walks through what those protections actually are, what you have to do to keep them, and the habits that stop fraud before it starts.

How "limited liability" works for credit cards

When people talk about zero liability, they usually mean the idea that you should not have to pay for purchases you never made. In Singapore, the relevant rule is not a marketing line from one bank. It is an industry standard, the ABS Code of Practice for Banks – Credit Cards, published by the Association of Banks in Singapore.

Under that Code, your liability for unauthorised transactions on a Singapore-issued credit card is capped at a small fixed amount, rather than the full value of whatever a fraudster ran up. In practice many banks go further and waive even that capped amount for clear-cut fraud, but the Code sets the floor of protection across the industry.

The protection comes with strings attached. It generally applies only when you did not act fraudulently yourself, you were not grossly negligent with your card or its details, and you reported the unauthorised transactions to your bank as soon as reasonably practicable.

Because the exact cap and the precise wording can be updated, treat the figure as something to confirm with your bank rather than memorise. The principle is the stable part. Report promptly, act reasonably, and you should not be left carrying the loss.

Why credit cards sit outside the Shared Responsibility Framework

In December 2024, Singapore introduced the Shared Responsibility Framework (SRF), which splits the cost of certain phishing scam losses between banks, telcos and the customer when the relevant parties fall short of their duties. It is a genuine consumer protection, and it is tempting to assume it covers everything. It does not.

MAS deliberately left credit cards out of the SRF, and the reasoning is worth understanding. Credit cards already have well-established protections that limit cardholder liability through the ABS Code. The SRF was built to close a gap for scam losses drained from bank accounts, where those older card rules did not reach.

So your credit card and your bank account follow different rulebooks. A fraudulent card charge is handled under the card protections described above. An unauthorised transfer out of your savings account is handled under MAS's e-payments and SRF rules. Knowing which regime applies tells you who to call and what to expect.

What counts as fraud, and what does not

Not every charge you dislike is "fraud" in the sense that triggers these protections. It helps to separate a few situations.

There is genuine unauthorised use, where someone got hold of your card details and spent without your permission. This is the core case the liability cap was built for.

Then there is a merchant dispute. You made the purchase, but the goods never arrived, were faulty, or you got double-charged. That is usually sorted out through a chargeback, which is a different process from fraud. We cover it in how to dispute a credit card charge.

And there is the scam you authorised, where you were tricked into entering your card details or one-time password on a fake site, or into approving a transaction yourself. These cases are the murkiest, because you took an action, and the outcome leans heavily on the facts.

Being honest with yourself about which bucket you are in actually matters. Reporting a real merchant problem as "fraud" can slow things down, and the bank will investigate either way.

What to do if your card is defrauded

If you spot a transaction you did not make, speed is your friend. It stops further losses and it preserves your protection. A sensible order of actions:

1. Call your bank's fraud hotline immediately. Ask them to block the card and flag the transactions as disputed. Save that hotline number in your phone now, before you ever need it.
2. Stop using the compromised card. The bank will usually cancel it and issue a replacement with new numbers.
3. Lodge a police report. MoneySense advises contacting your bank first, then making a police report. Banks may ask for the report reference as part of their investigation.
4. Document everything. Note the date and time you reported, the names of staff you spoke to, and screenshots of the suspicious charges.
5. Change any compromised credentials. If the fraud came through a phishing site, update your online banking password and any reused passwords elsewhere.

The single most important step for your liability is the first one. The protection rests on you reporting as soon as reasonably practicable, so a delay of weeks because you never checked your statement works against you.

Prevention habits that actually move the needle

Most card fraud is opportunistic. A handful of low-effort habits close off the easy openings.

Turn on real-time transaction alerts. A push notification for every charge is the fastest way to catch fraud within minutes instead of at month-end.

Read your statement line by line. Small "test" charges often come right before larger ones. Knowing what each line means helps here, and understanding your credit card statement goes into the detail.

Never share your card number, CVV or one-time password. No legitimate bank or merchant will ask you to read these out to "verify" your account, so treat any such request as a scam.

Set online and contactless limits you control. Many banks let you cap or switch off overseas, online or contactless spending right in the app. Tap-to-pay is convenient, but a sensible per-transaction limit reduces your exposure if the card goes missing.

Be careful where you tap your details. Stick to apps you know, and type web addresses yourself rather than following links in messages you were not expecting.

These habits feed back into your protection, not just prevention. The liability rules hinge partly on not being grossly negligent, so guarding your details and your passwords is also how you keep the safety net intact.

Credit cards versus other ways to pay

One reason a credit card is a reasonable default for everyday and online spending is the buffer it puts between a fraudster and your actual money. When a fraudulent charge hits a credit card, it lands on a line of credit that you can dispute before you ever pay it. When the same fraud hits a debit card, the money has already left your bank account, and you are waiting to get it back.

None of this means debit cards are unprotected, but the cash-flow difference is real, and it is one of the points we raise in debit vs credit cards rewards. If you are still choosing your first card, weigh the protection question alongside the rewards. How to choose your first credit card covers the rest.

What to actually remember

Credit card fraud protection in Singapore is stronger than many people realise, but none of it is automatic. The ABS Code of Practice caps your liability for genuinely unauthorised charges, as long as you did not act fraudulently or with gross negligence and you reported the problem promptly. Credit cards fall outside the Shared Responsibility Framework precisely because these protections already exist, so it pays to know which rulebook governs which account.

Day to day, that comes down to a few moves. Switch on alerts and check your statements so you catch fraud early. Guard your card details and one-time passwords so you stay inside the rules. And call your bank's fraud hotline the moment something looks wrong. Do those, and a scary unrecognised charge becomes an inconvenience the system is built to absorb, rather than a loss you carry alone. Confirm the current caps and conditions with your own bank, since the figures can change.