Online communication services and e-commerce services must tighten processes for user identification, verification, and other aspects of sales, transactions and payments
The recent spate of ticketing scams in Singapore during the Taylor Swift concerts were a timely reminder of the increasing ease and lack of cyber vigilance awareness in users of ticketing platforms and apps facilitating the sale/exchange/resale of various products and services.
Two “codes of practice” take affect in Singapore — applicable to “online communication services” platforms and “e-commerce” retailers — specifying that operators boost detection and deterrence of scams, prevent fake accounts or bots, require strong login verification, and submit yearly reports on the implementation of these measures. On 24 June 2024, new government regulations in the country went into force to ensure that platforms such as Facebook, WhatsApp, Instagram, Telegram, WeChat and Carousell with a history of hosting ads that had resulted in scams and disputes, will do more to protect users. They have until 31 Dec 2024 to comply. The aforementioned code of practice for e-commerce platforms starts on 26 Jun 2024.
For six months, these platforms can focus their verification efforts on “risky sellers”. Should the number of undesirable incidents not drop considerably, more comprehensive verification mandates may be imposed on the industry.
Cybersecurity expert opinions
What do some industry observers think of the new measures? According to Abhishek Kumar Singh, Head, Security Engineering, Check Point Software Technologies, up until now, there had been no regulations that can effectively verify seller identities on these marketplaces.
“This year alone, it was reported (in Singapore) that there have already been over 400 victims allegedly losing S$1.8m to ‘fake buyer’ phishing scams on Facebook and Carousell. This alarming trend does indeed highlight the need for more stringent measures to protect consumers,” said Singh.
According to Kelvin Lim, Senior Director, Security Engineering, Synopsys Software Integrity Group, while the new measures are useful, users of them platforms and services also need to protect themselves.
They can do so by “reporting any suspicious activity, keeping informed of the most recent scam techniques through news and alerts, reading user testimonials/ratings, knowing the telltale cues of scammers, and making use of the official secure payment option or safe, traceable payment options.”
