All organisations which communicate with the public through SMSes will have to list their SMS sender IDs with a government-backed central registry if a multi-pronged proposal to tackle scams goes through.
Singapore’s SMS Sender ID Registry (SSIR), which started operating in March this year, is said to be able to detect and block spoofed SMSes upfront.
It is operated by the Infocomm Media Development Authority’s (IMDA) subsidiary Singapore Network Information Centre.
Since its launch, over 120 public and private sector organisations have registered.
Since the launch of the registry, the number of SMS scam cases reported has declined threefold, said the IMDA on Monday (Aug 15).
“To build stronger scam prevention capabilities, we intend to make SSIR registration a requirement for organisations that use sender IDs,” said the IMDA.
This means that only registered sender IDs will be allowed to send SMSes. All other non-registered sender IDs will be blocked by default.
“This further safeguards SMS as a communication channel,” said the IMDA.
To give organisations time to register, the IMDA proposed a transition period from October to the end of this year.
As additional safeguard, the IMDA also proposed that telcos install machine reading technology to identify and filter potential scam messages upstream on their networks.
Some of the solutions include the ability to detect and filter malicious links within SMSes.
The proposed measures are outlined in a consultation, which will close on Sept 9.
Among organisations listed on the registry is the Central Provident Fund (CPF) Board, which advised the public in July that all SMSes from sender ID “CPF Board” are legitimate.
The CPF Board now sends SMSes using only the sender ID “CPF Board” on matters pertaining to CPF, Workfare and Silver Support. It has stopped using sender IDs “SG-Workfare” and “SG-SSS”.
Mr Teo Chee Hean, Coordinating Minister for National Security, had said in July that all government agencies would progressively join the registry, and pledged to only use links when it is important to mobilise large numbers quickly and when other channels are assessed to be less effective.
In addition, public agencies will use only domains ending with “.gov.sg” when sending SMS messages with links.
“But there are some exceptions such as websites that are collaborations between government agencies and non-government entities,” said Mr Teo.
“Such legitimate websites are listed on www.gov.sg/trusted-sites, which users are encouraged to check if they are asked to transact on unfamiliar website domains.”