GovTech steps up Singpass policing, with anti-fraud team on 24/7 e-patrol
Sign up now: Get ST's newsletters delivered to your inbox
Facial verification protects citizens’ online accounts by matching their faces with government records in real time.
PHOTO: GOVTECH
Follow topic:
SINGAPORE – Multi-coloured lights flash for several seconds as Singpass scans users’ faces before the authentication tool lets them bank or transact online.
This feature activates randomly or when cyber intrusion is suspected, drawing on the intelligence gathered by an elusive anti-fraud team at the Government Technology Agency (GovTech).
Facial verification protects citizens’ online accounts by matching their faces with government records in real time. It deters remote online activities on users’ accounts, including malware infections, without their knowledge.
The heightened checks have come on the heels of a spate of phishing scams in 2021 and 2022 targeting OCBC customers, who lost a total of about $13.7 million
The incident, and the discovery that scammers had also targeted Singpass accounts, prompted GovTech to set up its anti-fraud team in 2022.
Since then, its intrepid fraud response specialists, data analysts and data scientists have been hunting down unusual Singpass activities round the clock. They rely on fraud analytics and machine learning models to monitor account activities and alert the police. The police may direct GovTech to suspend compromised Singpass accounts.
Stolen Singpass accounts had been used to open bank accounts and register mobile lines to conduct fraudulent activities.
“Scammers are always looking for ways to bypass banks and our defences to create fraudulent bank accounts. So, we have to stay ahead of them,” said Mr Woo Chia Hann, who leads anti-fraud intelligence and response in the Singpass anti-fraud team, on Aug 25.
Speaking to the media for the first time since his team’s formation, Mr Woo said their capabilities have helped the police disrupt money mule operations and led to arrests.
Thousands of fraudulently opened financial accounts and SIM cards had been terminated in 2024, he added.
He would not reveal the team’s exact staffing strength, but said it has more than 10 experts hired from the private sector, who are based at the police’s anti-scam command in the Police Cantonment Complex.
Assistant Superintendent Lau Wai Khin, a senior investigation officer at the anti-scam centre of the Commercial Affairs Department, said: “The co-location facilitates quicker sharing of information required for investigations and enables the police to leverage Singpass’ fraud analytics capabilities that identify and flag unusual account activities.”
The increased surveillance comes as Singpass becomes more ubiquitous, used by more than five million residents to access over 2,700 services – from banking and insurance to healthcare and e-commerce.
For example, OCBC customers can use their Singpass credentials for mobile banking. Insurers like Income and Great Eastern also allow customers to log into their apps using Singpass.
Since June 2024, e-commerce platform Carousell has required users listing properties and tickets to verify their identities using Singpass to combat scams.
Singpass also enables the virtual signing of documents. The signature is encrypted and linked to the signee, whose identity is automatically validated against the Government’s database at the point of signing. For instance, property caveats e-lodged with the Singapore Land Authority can be signed using the Singpass app
Singpass also secures access to the 300,000 transactions performed daily using MyInfo, a service that allows users to fill in digital forms with their personal data drawn from government databases.
Using Singpass and MyInfo, new bank accounts and telco lines can be set up in Singapore, and dating app Coffee Meets Bagel
Supermarket chain FairPrice also verifies the identities of customers on financial assistance schemes by using Singpass and MyInfo, before giving them in-store discounts.
“Because they are so widely used, Singpass credentials are extremely valuable. A compromised account can result not only in financial losses but also in identity theft,” said Mr Woo.
Scam activities typically coincide with major events held here such as concerts and the Singapore Grand Prix, preying on people who are distracted while making transactions. It is hoped that the flashing lights for facial verification would act as an alert.
In 2024, scam victims here lost a record $1.1 billion $456.4 million was lost to scams
In 2024, four people were arrested for allegedly facilitating scammers by selling their Singpass accounts to them
Since early 2024, disclosing one’s own or obtaining someone else’s Singpass credentials to facilitate an offence has been illegal under the amended Computer Misuse Act.
Most recently, through an islandwide anti-scam enforcement operation in July, 15 people were investigated for allegedly relinquishing their Singpass credentials to facilitate scams.
Against such risks, GovTech and the police advise users not to divulge any Singpass credentials – whether over the phone, e-mail or SMS, or on social media.
“Don’t transact while on the move, and keep your Singpass profile details updated so you will receive transaction alerts,” said Mr Woo.
Security tips
Never share your Singpass credentials – ID, password, SMS one-time passwords or app passcode.
Government agencies, banks and legitimate organisations will never ask for these credentials via phone, e-mail, SMS or social media.
Don’t transact while on the move or when distracted. Scammers prey on people who click on “OK” too quickly.
Keep your contact details updated in Singpass so that you receive transaction alerts.
Check your transaction history in the Singpass app/portal and report any unauthorised activity immediately.
If in doubt, contact the Singpass helpdesk on 6335-3533 and press 9 after dialling in for 24-hour scam support, or call the ScamShield helpline on 1799.
