Checks after ICA e-service scam show no other government services can be completed with only NRIC number and its date of issue

4 days ago 50

SINGAPORE - No government e-services can be carried out using just a person’s NRIC number and its date of issue, the Ministry of Digital Development and Information (MDDI) said on Feb 4.

These checks were made following Immigration and Checkpoints Authority’s (ICA) disclosure in January that fraudsters had altered victims’ addresses through its e-service. The fraudulant transactions were made through compromised Singpass accounts using just the victim’s NRIC number and its date of issue.

MDDI was responding to questions raised by MPs, including Nominated MP Mark Lee, who asked what lessons the Government had drawn about vulnerabilities in digital public service.

Others, like Mr Yip Hong Weng (Yio Chu Kang SMC) and Dr Tan Wu Meng (Jurong GRC) asked what measures are being implemented to prevent future unauthoritised access of Singpass and whether the security of all online Government services will be checked.

In a written Parliamentary reply, Digital Development and Information Minister Josephine Teo said that Government agencies have conducted checks on the potential impact on online services.

“So far, there have been no transactional services identified that can be completed in the same manner as unauthorised (electronic change of address) transactions using only the NRIC number and date of issue of the NRIC,” she said.

Government agencies are required to conduct regular risk assessments of its tech systems, including risks arising from systems managed by other agencies. Vulnerabilities must be promptly dealt with, said Mrs Teo.

As for Singpass...

Read Entire Article