Singtel launches new anti-scam tool, uses SIM card data for identity verification


SINGAPORE – Identity data on Singtel customers’ mobile SIM cards can now be used as an additional layer of security to thwart online scams.

Developed by Singtel, the SingVerify system works in the background to fend off scammers who might have stolen a victim’s credentials to access his banking or e-commerce account. The transaction would be denied if the scammer uses a device that does not carry the victim’s SIM card.

SingVerify is targeted at banks and e-commerce platforms, among others, that handle money or sensitive user data. These firms will have to sign up and pay for the SingVerify service to protect their customers, said Singtel during a media briefing on March 6.

So far, online trading app Tiger Brokers and mobile authentication service provider IPification have signed up for SingVerify. It is yet to be seen which banks and services here will implement the new measure.

M1, which told The Straits Times it is testing a similar security feature to SingVerify, has also signed an agreement with Singtel to use real-time telco network data for authentication purposes.

SingVerify and the approach taken by M1 are designed in accordance with the Open Gateway framework established by GSMA, a global lobby organisation for telcos. The framework standardises how telcos can effectively use network data with developers for use in apps and anti-fraud tools.

SingVerify will be expanded by July to verify a user’s identity by checking his location, and whether it is consistent with the location where an app is being accessed, making transactions on devices without a SIM card more secure.

The first SIM-linked security measure among telcos here, SingVerify works in the background with current SIM cards in addition to SMS one-time passwords and other multi-factor authentication measures such as face and fingerprint scans.

Current verification methods – such as passwords, tokens, verification apps like Singpass and biometric scans – are susceptible to breaches via social engineering tactics. SingVerify serves as a final line of defence for victims who have been tricked into entering their credentials into phishing websites for fraudsters to capture their passcodes and details.

“With SingVerify, we can augment the multi-factor authentication process by leveraging real-time telco network data and conducting authentication in the background... mitigating the human risk in authentication,” said Singtel enterprise managing director Lim Seng Kong.

SingVerify will match customers’ phone numbers registered with a service provider – be it a bank or e-commerce platform – against real-time information held by the telco to verify its customers’ identity.

Not only does the tool help to authenticate logins to an app, it can also verify users’ identities in password resets, changing of bank transfer limits, adding of a new payee, or overseas fund transfers.

SingVerify does not give away sensitive user information, but indicates to platforms whether a user’s identity is “true or false”, said Mr Lim.

The new measures come on the heels of rising scams and cybercrimes here, with 50,376 cases reported in 2023, altogether involving the loss of more than $650 million, according to the latest police statistics.

Phishing scams were among the top five scams of concern, accounting for more than one in 10 scam cases.

Correction note: In an earlier version of the story, we said that Singtel and M1 customers’ mobile SIM cards can now be used as an additional layer of security. This is incorrect, as M1 has since clarified that their service is still being tested.
