Singapore
Singapore banks and insurers to review NRIC practices following public concerns
Singapore banks and insurers are reviewing their use of National Registration Identity Card (NRIC) numbers after recent public concern.
The Association of Banks in Singapore (ABS) and insurance associations assured customers that NRIC numbers alone cannot authorise transactions and stressed multi-factor authentication measures.
SINGAPORE: Banks and insurers in Singapore are conducting a thorough review of their practices regarding the use of National Registration Identity Card (NRIC) numbers.
This comes amid heightened public concern following an incident involving the unmasking of NRIC numbers on a government portal, which led to anxiety about identity theft and fraud.
The Association of Banks in Singapore (ABS) announced on Thursday (19 Dec), that NRIC numbers alone cannot be used to effect payments or fund transfers.
It noted that banks use multi-factor authentication for online services and additional controls for high-risk activities such as high-value fund transfers, adding new payees, or raising transfer limits.
ABS acknowledged that NRIC numbers are important for identifying customers, particularly those with identical names, and for providing efficient over-the-counter services.
However, it stressed that banks are reviewing their practices to enhance security and adapt to changing needs.
In situations requiring urgent assistance, such as ongoing scams, banks sometimes use NRIC numbers to quickly identify customers and prevent fraudulent transactions.
“We seek customers’ understanding that some existing practices may be changed as a result,” ABS said.
It also advised customers against using NRIC numbers or other personal information, such as their name or date of birth, as login passwords.
Similarly, the General Insurance Association of Singapore (GIA) and the Life Insurance Association, Singapore (LIA), issued a joint statement on Thursday, assuring policyholders that NRIC numbers alone cannot be used to purchase, surrender, or alter policies, nor to submit claims or change payment details.
Insurers also employ multi-factor authentication and are reviewing their practices.
Incident involving unmasked NRIC numbers
The reviews follow a recent incident involving the Bizfile portal, managed by the Accounting and Corporate Regulatory Authority (ACRA), which revealed full NRIC numbers in its search results. This sparked public anxiety and criticism.
On 19 December 2024, Minister for Digital Development and Information Josephine Teo and ACRA Chief Executive Chia-Tern Huey Min addressed the matter at a press conference, expressing regret for the oversight.
Minister Teo acknowledged the public’s concerns and apologised for the distress caused.
She explained that the incident arose from a misunderstanding of an internal circular issued by the Ministry of Digital Development and Information (MDDI).
The circular had directed government agencies to phase out the use of masked NRIC numbers internally. However, ACRA mistakenly applied the directive to its public-facing Bizfile portal.
“The main purpose of the NRIC is to be a unique identifier; it cannot be a secret, just as our names are not secret,” Minister Teo explained.
She added that while the NRIC serves as an identifier, its dual role as an authenticator increases vulnerability to identity theft and fraud.
Algorithms can potentially reconstruct full NRIC numbers using partial data combined with other personal information, making masking ineffective.
ACRA Chief Executive Chia-Tern Huey Min echoed the apology, acknowledging a lapse in coordination between staff.
The July directive from the MDDI was intended to uphold the NRIC’s role as a unique identifier while reducing reliance on masked numbers, which provide a false sense of security.
“Unfortunately, there was a misunderstanding, and ACRA proceeded on the assumption that it should unmask NRIC numbers on the new Bizfile portal,” she explained.
She added that steps are being taken to ensure such lapses do not recur.
Wider implications and security concerns
The saga highlights broader concerns over the use of NRIC numbers in both public and private sectors.
Singaporeans expressed worries about the risks associated with using NRIC numbers as both identifiers and authenticators, urging organisations to adopt alternative authentication methods to reduce dependence on such sensitive information.
-
Politics6 days ago
Tan See Leng and K Shanmugam threaten Bloomberg with legal action over GCB transaction report
-
Property1 week ago
Bloomberg: Nearly half of 2024 GCB transactions lack public record, raising transparency concerns
-
International2 weeks ago
Israel conducts large-scale military operations in Syria and seizes Golan Heights positions
-
Opinion2 days ago
Government’s backtracking on NRIC unmasking and the miscommunication excuse
-
Opinion6 days ago
Ho Ching defends NRIC as “digital name,” calls for practical policies over secrecy
-
Community1 week ago
Hougang knife attack: Dispute over medical claim reportedly leads to mother of three’s death
-
Diplomacy6 days ago
Israel shuts embassy in Ireland, cites “extreme anti-Israel policies”
-
Politics2 weeks ago
Parties may not display face of individuals other than party leader: ELD