SINGAPORE: Identity data on Singtel and M1 customers’ mobile SIM cards can now be used as an additional layer of security to thwart online scams.
The SingVerify system works in the background to fend off scammers who might have stolen a victim’s credentials to access his banking or e-commerce account. The transaction would be denied if the scammer uses a device that does not carry the victim’s Sim card.
SingVerify is targeted at banks and e-commerce platforms, among others, that handle money or sensitive user data. These firms will have to sign up and pay for the SingVerify service to protect their customers, said Singtel during a media briefing on March 6.
So far, online trading app Tiger Brokers and mobile authentication service provider IPification have signed up for SingVerify, developed by Singtel. It is yet to be seen which banks and services here will implement the new measure.
M1 has also signed an agreement with Singtel to share real-time telco network data for authentication purposes.
SingVerify will be expanded by July to verify a user’s identity by checking his location, and whether it is consistent with where the app is being accessed, making transactions on devices without a Sim card more secure.
The first among telcos here, SingVerify works in the background with current Sim cards in addition to SMS one-time passwords and other multi-factor authentication measures such as face and fingerprint scans.
Today’s verification methods - passwords, tokens, verification apps like Singpass and biometric scans - are susceptible to social engineering tactics. SingVerify serves as a final line of defence for victims who are tricked into entering their credentials into phishing websites that allow fraudsters to capture their passcodes and details.
“With SingVerify, we can augment the multi-factor authentication process by leveraging real-time telco network data and conducting authentication in the background...mitigating the human risk in authentication,” said Singtel enterprise managing director Lim Seng Kong.
SingVerify will match customers’ phone numbers registered with a service provider - be it a bank or e-commerce platform - against real-time information held by the telco to verify the customers’ identity.
The tool does not only help to authenticate logins to an app, it can also verify users’ identities in password resets, changing of bank transfer limits, adding of a new payee or overseas fund transfers.
SingVerify does not give away sensitive user information, but indicates to platforms whether a user’s identity is “true or false”, said Lim.
SingVerify and the approach taken by M1 is designed in accordance with the Open Gateway framework established by GSMA, a global lobby organisation for telcos. The framework standardises how telcos can effectively share network data with developers for use in apps and anti-fraud tools.
The new measures comes on the heels of rising scams and cybercrimes here, with 50,376 cases reported in 2023, altogether involving more than $650 million lost, according to the latest police statistics.
Phishing scams were among the top five scams of concern, accounting for more than one in ten scam cases. - The Straits Times/ANN