Singtel yesterday launched a new service that aims to improve the authentication of digital identities, a process that typically uses multi-factor authentication (MFA) – common account login processes that may be vulnerable to social engineering attacks.
Its SingVerify suite of solutions uses application programming interfaces (APIs) to authenticate digital identities registered on consumer services or platforms against a telecom operator’s data, marking the first such offering by a Singapore telco.
The use of this solution enables service providers like e-commerce platforms or banks to mitigate phishing and malware app scams.
By instantly and directly validating the consumers’ digital identities between the telco and service providers, SingVerify streamlines the multi-factor authentication process, making it a more seamless and frictionless experience.
With SingVerify, authentication is done at the service provider’s backend, which makes it more challenging for bad actors to hijack a victim’s account. Scammers often capture login credentials, or even use social engineering tactics to trick victims into revealing their MFA codes or personal identification number (PIN), allowing them to access the victim’s account.
The first solution from the suite to be launched is Number Verify, where companies can engage Singtel to validate the customers’ identities by matching their phone numbers with their registered account details on the service provider’s platform.
In future, additional APIs such as Device Location and others will be added to the suite.
As SingVerify is designed according to the GSMA Open Gateway2 framework, it can be easily deployed by any service provider, said Ng Tian Chong, Singtel Singapore’s CEO.
Currently, trading platform Tiger Brokers and mobile authentication provider, IPification, have integrated SingVerify into their existing security frameworks. The users of these services can expect to use SingVerify from the first half of this year.
Separately, Singtel and M1 have partnered to enable network-based authentication for their respective mobile subscribers through telco APIs.
This marks one of the world’s first national-level collaborations between telcos to federate a suite of APIs that will allow organisations to access real-time telco network data for authentication and fraud detection.
In Singapore, there were 50,376 reported scam cases in 2023, with the number of cases growing by 49.6 per cent over 2022, according to the Singapore Police Force.
A total of S$651.8 million were lost to scam cases in 2023. Among the top five scam concerns were phishing, which made up 12.8 per cent of all scam cases.
Besides Singapore, Indonesia’s Telkomsel, Indosat Ooredoo Hutchison, XL Axiata, and Smartfren have also announced the launch of three API services: Number Verify, SIM Swap, and Device Location.
