SINGAPORE: In our digital world, almost all transactions can be carried out on our mobile devices.
In Singapore, Singpass offers secure and convenient access to essential government e-services. It has become a means of user verification for important transactions, such as opening bank accounts or applying for loans.
But with its growing use, criminals have been known to fraudulently obtain Singpass credentials to facilitate scams and launder scam proceeds. The government has been cracking down on people who sell their Singpass and internet banking credentials to such criminals.
Perhaps more troublingly, two recent cases have revealed that fraudsters can sometimes come from unexpected sources: our own family and friends.
On Sep 8, Yu Mingyan was sentenced to jail for 18 months and two weeks, and fined S$30,000 (US$23,000), for transferring S$54,000 from his friend’s Central Provident Fund (CPF) account to himself. The victim was bedridden and could not move or speak.
When confronted by the victim’s sister, Yu denied the allegation and forged a police report to support his denial.
In a separate case, a teenager pleaded guilty on Sep 3 to taking S$25,000 from his father’s CPF account and loans of more than S$68,000 from the man’s insurance policy. The boy cannot be named as he was under 16 at the time of the offence. He will be sentenced in October.
Yu accessed the victim’s CPF account by guessing her phone and mobile application passwords, which he could do because he was her close friend. Similarly, the teen knew his father’s login credentials because he helped his father pay insurance premiums and check CPF balances.
These cases show that, in addition to taking measures to protect ourselves from scammers, we need to ensure that those nearest and dearest to us do not have the ability to siphon our funds secretly.
It is helpful to restate the risks of sharing account details and passwords with friends and family. First, there is the obvious risk that the third party could steal monies from CPF and bank accounts, and misuse those funds.
Second, the third party could use the victim’s Singpass credentials to execute transactions that carry legal implications. For example, a family member may change the nomination of the victim’s CPF funds or insurance payouts upon the victim’s death to themselves.
By the time the change is discovered upon the victim’s death, it may be too late as the CPF Board or insurer may have already paid out the nominated family member.
The third party may also incur debt by taking out personal loans or credit cards in the victim’s name, and thereafter spend those monies. As banks rely on digital tokens and Singpass credentials to ensure that they are transacting with the correct person, the banks are likely to issue those loans or credit cards without further verification of the customer’s identity.
Once the loans are disbursed and the money is spent, the victim may still be required to repay the loan or credit card debt to the bank, thereby being placed in a perilous financial situation.
Suing may also not be a viable option, as the family member or friend would unlikely have the ability to compensate the victim, not to mention that commencing any legal action would incur further legal costs which might be difficult to recover.
Third, the family member or friend could misuse the victim’s Singpass credentials for other criminal acts, such as money laundering or scam-related offences. While the victim himself may not be guilty of any offence, this would be of scant consolation as he would still face the stresses of being placed under investigation, and the guilt of knowing that his Singpass and bank accounts had been used to facilitate scams.
Commonly, those who share their digital credentials with their family or friends tend to be seniors who are unable to navigate online services themselves. They would ask a younger family member to help them transact online and disclose their login credentials for that purpose. They would then become vulnerable to that family member misusing the credentials for ancillary purposes.
Even if disclosing one’s Singpass or internet banking credentials may be necessary for a specific purpose, we should be mindful to only disclose what is necessary for that purpose, and ensure that the passwords are changed thereafter. People can also consider utilising features like Money Lock to ensure that those funds cannot be transferred out online, and can only be done so at a bank branch or an ATM.
Currently, anyone who suspects that their Singpass credentials have been compromised can suspend their Singpass account by calling the Singpass Helpdesk. It would be prudent for the government to consider more safeguards to prevent the misuse of Singpass credentials under certain situations, for instance if a person is incapacitated.
Finally, as companies become more digitised, it is vital that users are always given the option to perform transactions in person. This ensures that those unable to access e-services themselves – individuals most vulnerable to their digital credentials being misused – will always be able to perform transactions personally.
Sometimes, doing things the old way may be the safer option.
Mark Yeo is a Director at Fortress Law Corporation. He was formerly a Deputy Public Prosecutor with the Attorney-General’s Chambers.
Continue reading...
In Singapore, Singpass offers secure and convenient access to essential government e-services. It has become a means of user verification for important transactions, such as opening bank accounts or applying for loans.
But with its growing use, criminals have been known to fraudulently obtain Singpass credentials to facilitate scams and launder scam proceeds. The government has been cracking down on people who sell their Singpass and internet banking credentials to such criminals.
Perhaps more troublingly, two recent cases have revealed that fraudsters can sometimes come from unexpected sources: our own family and friends.
On Sep 8, Yu Mingyan was sentenced to jail for 18 months and two weeks, and fined S$30,000 (US$23,000), for transferring S$54,000 from his friend’s Central Provident Fund (CPF) account to himself. The victim was bedridden and could not move or speak.
When confronted by the victim’s sister, Yu denied the allegation and forged a police report to support his denial.
In a separate case, a teenager pleaded guilty on Sep 3 to taking S$25,000 from his father’s CPF account and loans of more than S$68,000 from the man’s insurance policy. The boy cannot be named as he was under 16 at the time of the offence. He will be sentenced in October.
Yu accessed the victim’s CPF account by guessing her phone and mobile application passwords, which he could do because he was her close friend. Similarly, the teen knew his father’s login credentials because he helped his father pay insurance premiums and check CPF balances.
These cases show that, in addition to taking measures to protect ourselves from scammers, we need to ensure that those nearest and dearest to us do not have the ability to siphon our funds secretly.
THE RISK OF FRIENDS AND FAMILY MISUING SINGPASS CREDENTIALS
It is helpful to restate the risks of sharing account details and passwords with friends and family. First, there is the obvious risk that the third party could steal monies from CPF and bank accounts, and misuse those funds.
Second, the third party could use the victim’s Singpass credentials to execute transactions that carry legal implications. For example, a family member may change the nomination of the victim’s CPF funds or insurance payouts upon the victim’s death to themselves.
By the time the change is discovered upon the victim’s death, it may be too late as the CPF Board or insurer may have already paid out the nominated family member.
The third party may also incur debt by taking out personal loans or credit cards in the victim’s name, and thereafter spend those monies. As banks rely on digital tokens and Singpass credentials to ensure that they are transacting with the correct person, the banks are likely to issue those loans or credit cards without further verification of the customer’s identity.
Once the loans are disbursed and the money is spent, the victim may still be required to repay the loan or credit card debt to the bank, thereby being placed in a perilous financial situation.
Suing may also not be a viable option, as the family member or friend would unlikely have the ability to compensate the victim, not to mention that commencing any legal action would incur further legal costs which might be difficult to recover.
Third, the family member or friend could misuse the victim’s Singpass credentials for other criminal acts, such as money laundering or scam-related offences. While the victim himself may not be guilty of any offence, this would be of scant consolation as he would still face the stresses of being placed under investigation, and the guilt of knowing that his Singpass and bank accounts had been used to facilitate scams.
Related:
SAFEGUARDS TO PROTECT THOSE VULNERABLE TO IDENTITY THEFT
Commonly, those who share their digital credentials with their family or friends tend to be seniors who are unable to navigate online services themselves. They would ask a younger family member to help them transact online and disclose their login credentials for that purpose. They would then become vulnerable to that family member misusing the credentials for ancillary purposes.
Even if disclosing one’s Singpass or internet banking credentials may be necessary for a specific purpose, we should be mindful to only disclose what is necessary for that purpose, and ensure that the passwords are changed thereafter. People can also consider utilising features like Money Lock to ensure that those funds cannot be transferred out online, and can only be done so at a bank branch or an ATM.
Currently, anyone who suspects that their Singpass credentials have been compromised can suspend their Singpass account by calling the Singpass Helpdesk. It would be prudent for the government to consider more safeguards to prevent the misuse of Singpass credentials under certain situations, for instance if a person is incapacitated.
Finally, as companies become more digitised, it is vital that users are always given the option to perform transactions in person. This ensures that those unable to access e-services themselves – individuals most vulnerable to their digital credentials being misused – will always be able to perform transactions personally.
Sometimes, doing things the old way may be the safer option.
Mark Yeo is a Director at Fortress Law Corporation. He was formerly a Deputy Public Prosecutor with the Attorney-General’s Chambers.
Continue reading...