Plans for all Singaporeans to get new e-IC for online transactions on the cards

Singaporeans could each, in future, be issued with an e-identity card (e-IC) that can be used for all online transactions.
Singaporeans could each, in future, be issued with an e-identity card (e-IC) that can be used for all online transactions.PHOTO: ST FILE

Trial soon on mobile digital ID system usable for online transactions

Singaporeans could each, in future, be issued with an e-identity card (e-IC) that can be used for all online transactions, including those with government agencies and commercial firms such as banks.

The Government is mulling over advanced technologies, believing that an e-IC would better protect online identities, as threats of fraud and identity theft mount.

The Straits Times understands that the e-IC, which would sit in the cellphone SIM card, does not replace the physical identity card.

An e-IC would also allow people to ditch their multiple e-banking tokens with different banks, and remove the hassle of remembering different usernames and passwords.

It would be similar to the kind of e-IC that is in use in places such as Hong Kong, Estonia and Finland.

In tender documents seen by The Straits Times, the Infocomm Development Authority (IDA) said: "Digital identification and authentication are growing in importance. Today, identity is a core enabler for a wide range of services." The Mobile Digital ID, as the e-IC project is now called, would sit in the cellphone SIM card, according to details in the tender, which closes on March 31.

The Mobile Digital ID will be based on advanced encryption techniques, known as public key infrastructure (PKI), that are more secure than and could supersede the use of one-time passwords (OTPs), which are delivered via SMS or generated by a security token.

The IDA believes the idea has potential to work in Singapore, which has among the highest mobile penetration rates in the world, hovering at 150 per cent. This means each individual has at least one cellphone.

The IDA is looking for contractors to design and build the system for a four-month trial with the Monetary Authority of Singapore and Ministry of Health. While no timeframe was given for the project, a trial will begin as early as next month to assess its ease of use and whether it meets needs.

Today, people need to remember their usernames and passwords to log into a website. For some transactions, they need to enter an OTP. With the proposed system, authentication is done by entering and sending a personal identification number (PIN) tied to the Mobile Digital ID account via SMS.

With PKI, hackers will not be able to capture the PIN even if they intercept an SMS. Fraudulent transactions on fake websites will also not be possible as the encrypted PIN must match the user's record in the central system. If the owner loses his cellphone, he will have to report its loss as he would a lost identity card. Scammers will only be able to use the e-IC on the cellphone if they know the owner's PIN.

Mr Aloysius Cheang, Asia-Pacific managing director of global computing security association Cloud Security Alliance, said: "The investment will be huge for such a system, although it seems much easier for even the uninitiated and promotes e-commerce on the go."

Correction: The headline of this article has been edited for clarity.  

A version of this article appeared in the print edition of The Straits Times on March 16, 2016, with the headline 'E-identity cards for all S'poreans on the cards'. Print Edition | Subscribe