In Singapore’s latest cybersecurity tussle, some telcos have begun sharing real-time SIM-linked location data with platforms and authorities to thwart rising scam attempts. Spearheading the initiative, Singtel’s “SingVerify” utilizes SIM card data to validate user identity in the background during high-risk activities, such as password resets, money transfers, or adding new payees. From mid-2024, its expansion will include location-based checks, matching a user’s current whereabouts with their SIM’s registered locale to block suspicious logins from other devices.[
Privacy Pushback: Telcos Caution Against Overreach
However, not all telcos are onboard. Citing privacy concerns, several operators are wary of sharing sensitive location data, fearing it may conflict with personal data protection norms. They argue that although such data can prevent scams, it could also create privacy risks if misused or inadequately secured. Regulatory expectations emphasize anonymizing any data shared and limiting access strictly to fraud-control use cases, balancing user protection with confidentiality.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
The Wider Context: Scams, Regulation, and Accountability
These security debates arrive amidst worrying trends: Singapore recorded over 50,000 scam cases in 2023, with cumulative financial losses surpassing S$650 million. Authorities are stepping up efforts: SIM card misuse is being penalised under tougher laws, and telcos along with banks fall under a Shared Responsibility Framework, making them liable for victims’ phishing losses if security safeguards fail. Meanwhile, regulators like IMDA are ramping up enforcement to ensure robust SIM issuance processes and prevent e-SIM hijacks, as seen in the ongoing StarHub Giga investigation.
The divide between security and privacy has sparked a broader debate about what trade-offs are acceptable. Proponents argue SIM-linked data sharing can provide a powerful shield against scams, offering “invisible” protection for unsuspecting users. Critics warn this may erode trust if users feel surveilled, highlighting the delicate balance regulators must strike moving forward.