Commentary: Singapore’s SIM card misuse law - a shield against scams or just more cat-and-mouse games?
Making it harder for scammers to get local phone numbers should help in the fight against phishing scams, but perhaps not the more common job and e-commerce cons, says Dedoco’s Jason Williamson, a founding member of the Global Anti-Scam Alliance’s Singapore chapter.
SINGAPORE: How do you decide whether to accept a call from an unknown number? As people become more wary of +65 calls and overseas scammers spoofing local numbers with Singapore’s country code, scammers have been adapting by using local numbers to dupe unwitting victims.
Singapore's new law making it illegal to sell or misuse SIM cards for scams is a much-needed hard line in the fight against scams, making it tougher to access an authentic local number. But will the move help put an end to job and e-commerce scams that have seen an unprecedented boom in 2023?
Job scams, the most reported con in Singapore that exploits those seeking ad hoc income and flexible work, are part of a growing trend of fraudsters using Facebook, WhatsApp and Instagram to target potential victims.
What makes these platforms fertile ground for such fraud? Their need for constant growth means a frictionless sign-up process is good for business - social media and messaging platforms do not acquire 3 billion daily active users by making life hard for potential new customers.
And herein lies the crux of the issue. Despite needing a phone number on registration, there is often no requirement to tie this to an authentic identity - making it an open playground for fake and untraceable profiles. Online job hunters are then left to assess the legitimacy of online opportunities with limited information, a recipe that often leads to loss.
Although this may feel like a dereliction of duty by these platforms, the reality is that a shift toward stricter authentication is simply at odds with business objectives. The race to acquire new users and sell advertising aligns them with the wants of most regular users - both happy for minimal identity checks to keep things easy.
CAT AND MOUSE GAME WITH SCAMMERS
Can the same be said for scams on our favourite e-commerce sites? Fortunately, the requirement to authenticate seller accounts with phone numbers linked to our identity is established best practice. Yet sadly, as with the variety of safety measures companies can implement to safeguard consumers, different sites mean different standards.
The Ministry of Home Affairs’ E-Commerce marketplace Transaction Safety Ratings initiative essentially names and shames major sites that fall short. It does not however carry the necessary teeth to mandate change, but only provides advice on what to look out for. The outcome for consumers is they can continue to shop where their hearts desire despite the absence of basic protections.
What becomes clear is that setting our sights squarely on middlemen in the scam supply chain will have limited impact without addressing the issue of identity more holistically.
SIM card ownership is just one of many checks that scammers navigate to get a direct line to potential victims. The ever-evolving nature of scams and their channels of choice means that as one door closes, another will be prised open.
Stemming the supply of illicit local numbers will most likely drive scammers onto platforms that require the least stringent checks. And the chase continues.
NAVIGATING THE ROAD AHEAD
One area where the new legislation should have impact is scams that use local numbers for direct interactions with their victims: Think phishing calls from fake Singaporean companies or agencies and unofficial links in suspicious-looking SMSes.
This threat is sadly ever present, with the Singapore Police Force and the Infocomm Media Development Authority (IMDA) observing signs that SIM cards purchased by locals are increasingly being misused for scams. In 2023, over 23,000 local mobile lines were involved in cybercrimes.
The worry if identity continues not to be tied to digital accounts and communication is that illicit online transactions will remain in the realm of the untraceable. But is it as straightforward as regulators forcing companies to make more stringent checks or turn off the lights?
The reality is these global tech giants wield serious clout in the markets they operate - many users depend on them for a range of legitimate business and personal matters. Regulators must hold business interest and public protection in a delicate balance when looking to mandate change.
THE REGULATORY CHALLENGE
One proactive step already announced is the Monetary Authority of Singapore and IMDA’s Shared Responsibility Framework, which proposes to subject telecommunications operators to financial repercussions if they are found to have breached basic responsibilities, such as upstream measures like spam filters and the diligent management of SMS sender IDs aiming to restrict scams in circulation.
Could companies be doing more to help safeguard consumers? Recent industry initiatives showcase the potential power of authenticated digital identities during the final stages of a scam.
Singtel’s SingVerify, delivered in partnership with fellow provider M1, authenticates user identities for service providers to stop unauthorised access to our favourite apps and accounts. The challenge for lawmakers is how to knit this patchwork of private sector initiatives and legislation into a cohesive framework to reduce scams in the aggregate.
Our ability as consumers to navigate the authentic from the impersonated remains the biggest challenge to a real reduction in the volume of scams. Making identity the first line of defence against scams could help us verify parties across all digital interactions. Else, we might find ourselves applying a band-aid to what may be the first of a thousand cuts.
Jason Williamson is a Vice-President at Dedoco and a founding member of the Global Anti-Scam Alliance’s Singapore chapter.