‘Unsafe and risky': Singapore orders end to IC number use as authentication in private sector
SINGAPORE, June 26 – Singapore's Ministry of Digital Development and Information (MDDI) has reportedly urged private sector entities to stop using National Registration Identity Card (NRIC) numbers as authentication tools or passwords due to security risks.
In a formal advisory issued today, the Personal Data Protection Commission (PDPC) and the Cyber Security Agency (CSA) advised organisations to cease using NRIC numbers to verify an individual's identity when granting access to personal services or information.
'While organisations may use NRIC numbers to identify who a person is over the phone or when using digital services, NRIC numbers should not be used to prove that a person is who he claims to be ... for the purposes of trying to gain access to services or information meant only for that person,' MDDI said as quoted by CNA.
The ministry highlighted that some organisations still require individuals to use NRIC numbers, sometimes as passwords, to access personal documents such as insurance files.
'It is unsafe for organisations to use NRIC numbers in this manner because a person's NRIC number may be known to others, permitting anyone who knows his NRIC number to impersonate him and easily access his personal data or record,' the ministry said.
MDDI called on organisations to stop using full or partial NRIC numbers for authentication, including setting them as default passwords or combining them with other easily obtainable data like birth dates.
'If it is necessary to authenticate a person, organisations should consider alternative methods, for example requiring the person to use strong passwords, security token or fingerprint identification,' it added.
The government is working with key sectors such as finance, healthcare, and telecommunications to develop tailored guidelines on identity authentication practices.
This comes as Singapore's Minister for Digital Development and Information Josephine Teo said in January that firms using NRIC numbers as authentication or default passwords must end the practice swiftly.
The policy shift came after public backlash in December 2024 over a new Bizfile portal launched by the Accounting and Corporate Regulatory Authority (ACRA), which had exposed names and full NRIC numbers through its search function.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Malaysian Reserve
3 hours ago
- Malaysian Reserve
Payments Platform Optty Kicks Off Next Stage of Growth with Appointment of Industry Leader Richard Miller as New CEO
SYDNEY, June 30, 2025 /PRNewswire/ — Optty™, the Australian-founded global payments technology company, has appointed global industry leader Richard Miller as its new Chief Executive Officer, effective immediately. Alan Miltz, Chairman of Optty said: 'As CEO, Richard Miller will lead Optty's next phase of global expansion, scaling and streamlining our pioneering platform that connects more than 145 payment methods (including digital wallets, Buy Now Pay Later (BNPLs) and credit/debit cards) through a single integration.' Optty's Board of Directors sees Miller's appointment as key to Optty's commitment to growth through partnerships, financial inclusion and product innovation. Miller will continue to build enduring relationships with merchants, processors and payment providers as the Singapore-headquartered company scales up. Miller says: 'I'm thrilled to join Optty at this pivotal time. Optty has built an extraordinary proposition that simplifies and accelerates eCommerce and in-person payments for the world's merchants, processors and acquirers. In a world where ways to pay have proliferated, Optty offers a uniquely powerful solution to simplify the technical challenge of offering broad consumer choice.' 'It will be my privilege to lead Optty's dedicated team as we work with our partners around the world to unlock the next wave of value and impact.' Miller's experience spans more than two decades of global leadership in fintechs, payments, and strategic consulting. His previous senior roles include ConnectID/ Australian Payments Plus, Deloitte, National Australia Bank and The Boston Consulting Group. Miller is widely respected across the Australian and international payments landscape for his strategic insight, collaborative leadership and deep industry expertise. Miltz said: 'Richard brings a rare combination of strategic clarity and execution experience across global payments. His leadership, deep fintech expertise, and commitment to partnership will be critical to delivering on our global ambitions. The Board and I are delighted to welcome Richard's appointment as CEO.' 'For Optty it marks a significant step as we scale our reach and relevance in what is a rapidly evolving global payments landscape.' 'We would also like to thank Steven Ritchie for his exceptional leadership as interim CEO and are pleased to announce that Steven will continue to help lead the business in an expanded capacity as Chief Operating Officer.' For interviews/more contact Media@ About Optty: Optty is a global payments infrastructure platform for PSPs, gateways, acquirers and merchants that provides a single integration to 145+ payment partners in 140 countries and 120 currencies (and growing). Optty empowers partners to access and provide payment innovation at scale, enabling them to add local payment methods across nine payment types; BNPL, digital wallets, credit/debit, gift cards/virtual cards, crypto, pay with points, open banking, P2P and payouts as well as additional value-added services in ESG, Fraud Prevention and Tokenization. Optty's simplified API integration requires no further development for any payment methods to be enabled, saving thousands of development hours for partners and merchants alike. Optty is a Certified B Corp, founded out of Australia and the UK, headquartered in Singapore and global in its service coverage. Optty powers limitless ways to pay with unrivalled simplicity. Media@
Malay Mail
16 hours ago
- Malay Mail
Singapore drug suspects try to flee twice — all caught after police chase and crash
SINGAPORE, June 29 — A car chase through Singapore's quiet early morning streets ended with a crash, a hospital trip, and three young suspects in handcuffs. According to The Straits Times, it all kicked off around 5.45am today, when police officers spotted a car awkwardly parked along Syed Alwi Road, heading toward Jalan Besar. Suspicious, they stopped to investigate — but the driver had other plans. The 25-year-old man behind the wheel bolted, prompting a foot chase. He was eventually caught and taken to hospital conscious, before being arrested for drug-related offences. Turns out, he was already on the police's radar for previous traffic violations. But the drama didn't end there. While officers were dealing with the runaway driver, a 25-year-old woman — one of the passengers — decided to hop into the car and drive off. The vehicle was later spotted again on Syed Alwi Road, but this time it sped off and slammed into a lorry. Inside the vehicle, police found what appeared to be controlled drugs and drug paraphernalia. Both the woman and another passenger, a 23-year-old female, were arrested for suspected drug offences. All three cases have now been handed over to the Central Narcotics Bureau. Investigations are still ongoing.
Malay Mail
16 hours ago
- Malay Mail
Singapore security firm rebuts viral claim staff face sack for not staying home while on sick leave
SINGAPORE, June 29 — Singapore security firm Certis has clarified that it does not dismiss employees simply for not being at home while on medical leave, after internal WhatsApp messages about its medical leave policy circulated online and drew public attention. The messages, which were first reported by Mothership on Friday, said that workers could receive a warning letter if they were found to be away from home during medical leave without a valid reason. 'If they are not at home, they should share their 'live' location or conduct a video call with their manager to ensure their safety and well-being,' one message allegedly read. Employees were also instructed to update their residential addresses to avoid potential disciplinary action, while another message encouraged officers to 'share their pinned location' if they were not at home. A warning within the messages noted that 'any non-compliance identified may result in disciplinary action, which could include termination'. In response to Channel News Asia's queries, Certis said yesterday that termination is not automatic and disciplinary steps are taken only in 'clear and substantiated cases of abuse of medical leave, after a fair and thorough process'. 'We do not terminate employees solely because employees are not at home when on medical leave,' the company reportedly said. It added that managers may check in on staff who are on medical leave — particularly those on extended leave — and that these visits may include 'small care gestures'. Certis also emphasised that it trusts the majority of its staff to use medical leave responsibly, but has put in safeguards to ensure the system is not abused. 'Certis holds our officers to high standards of professionalism and integrity,' the company said. 'We take a firm stance against any wilful breach of company policy and will not hesitate to take disciplinary action where warranted, as we fulfil our commitment towards partners, customers, and the community whom we strive to protect and safeguard.'
