Singtel launches SingVerify, a verification alternative for other businesses to protect their users
- by autobot
- March 6, 2024
Today (6 March 2024), Singtel announced SingVerify, a new service for businesses to help fight scams and fraudulent transactions or log-ins through checks made against Singtel’s data. Singtel described SingVerify as an authentication solution for other consumer services by . This is done via Application Programming Interfaces (APIs), which businesses can choose to include in their mobile apps.
Businesses can protect users by adding an additional element of user verification with SingVerify, on top of existing authentication methods. Users of these businesses can be greenlighted without any extra input from them, since they are . For the end-user, it adds another layer of protection against phishing scams and fraudulent log-in attempts, since it’s an extra step of verification that scammers or bad actors need to overcome.
In a media briefing session, Singtel said it has two SingVerify APIs available. available at launch, validates the end-user’s identity by matching their phone numbers with their registered account details. In the example given, a hacker or scammer trying to phish for login details would fail login attempts, because the device they use does not match the device or phone number records found in the telco’s data.
The other is Device Location API, which checks whether the log-in attempts are made on the correct network in the correct country. The example below assumes that the phone is not anywhere near the hacker's laptop, nor is it using the correct network. In Singtel’s example, the scammers would fail because the device attempting a login is not located where it should be, even if the bad actor mirrors the user and has the correct passwords or OTPs.
These API calls are made silently and in the background, so users do not need to key in more information or provide more details to authenticate their logins to their favourite services and apps.
Currently, businesses like Tiger Brokers and IPification are integrating SingVerify into their existing security frameworks to add more security for their customers. Since these are APIs, SingVerify is also available for implementation by other businesses. Banking apps, e-commerce apps, or social media apps can implement SingVerify to provide an extra layer of authentication for their users.
Singtel clarified that it’s to businesses through SingVerify. Singtel sells a Yes/No answer backed by their data to verify if a log-in elsewhere is legitimate. For example, if a bank implements SingVerify in its authentication flow, SingVerify (and other authentication methods) can become a part of its verification process. SingVerify doesn’t reveal any details of its user to the business (e.g. the bank); it only confirms whether the user is conducting legitimate log-ins by checking it against their data.
Of course, Singtel isn’t doing this out of the goodness of its heart, even if the intention is noble. Singtel charges these businesses based on the number of SingVerify API calls made.
SingVerify is not treated as the be-all and end-all solution to verifying whether users are real. In a multi-factor authentication landscape, (e.g., biometrics, emails, customer walk-ins) to augment user log-ins and use SingVerify.
Singtel also added that SingVerify can verify across partnered telcos' data, such as M1. For example, an M1 user can also be verified on SingVerify, since the authentication stage would forward the API call to the correct telco to confirm the legitimacy of the user logging in.
Singtel also clarified that some of these user protection methods would not necessarily work if scammers or hijackers could remotely control devices. For example, Device Location API relies on verifying that the user is in the correct location, which means it doesn’t prevent log-ins from happening after a hostile takeover of a device.
This is why there are multiple SingVerify APIs for businesses to implement. An API is simply software with a specific function, allowing two services or applications to talk to each other. SingVerify APIs allow third-party apps to make backend requests to verify data against Singtel's information.
SingVerify is built upon an existing framework spearheaded by GSMA called Open Gateway. In short, this initiative allows telcos worldwide to use their customer data to provide better service and experience through their networks without exposing their data to third parties.
An example would be using Open Gateway APIs with video streaming apps to enhance mobile network connectivity. Users can watch shows or livestreams with minimal disruptions. The app developer or business would only need to include the correct APIs in the app to enhance their services for users on specific telco networks.
At the time of reporting, approximately 239 mobile networks, or 65% of mobile connections worldwide, are . Most of these operators use Open Gateway APIs to authenticate transactions, combat fraud, and act against identity theft.