Singapore will soon tag SMS messages sent from organisations that are not registered with the local ID registry as spam. The move is the latest in a series of measures the country has rolled out to combat online scams.
Starting January 31, all businesses not on the Singapore SMS Sender ID Registry (SSIR) will have their messages labelled as "Likely-SCAM", according to industry regulator Infocomm Media Development Authority (IMDA). Registering with the SSIR will enable organisations to use alphanumeric Sender IDs when they push out SMS messages to customers.
The mandate would better safeguard consumers against potential scams as well as facilitate tracking when scam messages were sent to local mobile users, the Singapore regulator said. Scam cases initiated via SMS accounted for some 8% of scam reports in the second quarter of last year, compared to 10% in 2021.
Since the registry was set up last March, the number of SMS scams had dipped by 64% between fourth-quarter 2021 and second-quarter 2022, IMDA said.
More than 1,200 companies currently are on the SSIR, including financial institutions, e-commerce operators, logistics services providers, and small and midsize businesses (SMBs). These business entities have more than 2,600 SMS Sender IDs between them.
Under IMDA's directive, businesses must use only SMS services providers or aggregators licensed by the regulator and that are participating in the SSIR.
Businesses should give themselves sufficient time to sign up for the registry before the Likely-SCAM tag kicks in on January 31, said IMDA, which is also exploring further measures such as giving mobile users the option not to receive international SMS messages or calls.
The Singapore government over the past year had urged the need for shared responsibility in preventing online scams, following a massive phishing scam involving OCBC Bank customers that resulted in losses totalling SG$13.7 million ($10.18 million). Several measures also were introduced to beef up local banking and communications infrastructures, including a "kill switch" banks must provide to enable customers to suspend their accounts in a suspected breach.