30 August 2022

From 15 August 2022 to 9 September 2022, the Info-communications Media Development Authority of Singapore (“IMDA”) is conducting a public consultation to seek feedback on proposals to strengthen safeguards for Short Message Service (“SMS”) messages to Singapore users by introducing a full SMS Sender ID Regime and exploring anti-scam filtering solutions within mobile networks.

The proposed measures are part of an ongoing multi-layered approach to strengthen protection against scams. This has been done with the telcos, to systemically reduce scam calls and SMS coming through the communication networks.

Full SMS Sender ID Regime

SMS has become a telecommunication channel that scammers use to conduct malicious activities. One way in which scammers aim to gain trust is to masquerade their SMS sent to Singapore mobile users using the same alphanumeric sender identification (“Sender ID”) used by bona fide businesses and other entities.

IMDA is proposing to make SMS Sender ID Registry (“SSIR”) registration a requirement for organisations that use Sender IDs. This means that only registered Sender IDs can be used, and all non-registered Sender IDs will be blocked as a default. Currently, SSIR is a voluntary system which means that the public may still be subject to spoofed SMS, using non-registered Sender IDs (e.g. from organisations that choose not to register, or IDs that do not belong to any organisation).

Under the proposed full SMS Sender ID Regime, organisations that send SMS with Sender IDs to Singapore mobile users must register their Sender IDs with the SSIR by using their Unique Identity Number (“UEN”), and only use SMS service providers or SMS aggregators (“Aggregators”) who participate in the SSIR. The registration requirement applies to any alphanumeric Sender ID chosen by organisations to appear as headers in their SMS. It will not apply to mobile phone users (including organisations) sending SMS using mobile numbers registered with their telecommunication service providers.

Aggregators who wish to handle SMS with Sender IDs must participate in the SSIR and verify merchants/organisations sign-ups through their UENs.

The above requirements will allow merchants behind the Sender IDs to be clearly identified and provides better assurance that only bona fide merchants are using Sender IDs.

As organisations may need time to adjust, a transition period is proposed starting from October 2022, before the full SSIR registration requirement commences at end-2022.

Exploring anti-scam SMS filtering solutions

IMDA is proposing for anti-scam filter solutions to be implemented by Mobile Network Operators in Singapore in two phases as follows:

  • Phase 1 - Filtering of scam SMS messages through the detection of malicious links: Links within SMS messages will be cross-checked and matched against a database of known malicious links. If a match is detected, the SMS message will be filtered out, and the database of malicious links will be updated continually to stay relevant against new threats. This filtering will be conducted through an automated process, via a machine in the mobile network without any human involvement.
  • Phase 2 - Further filtering of scam SMS messages that contain suspicious patterns: This filtering will be conducted through automated machine scanning without human intervention. The machine will identify and filter SMS messages based on suspicious patterns within SMS messages. These may include keywords, phrases and message formats that are typically used in scam SMS messages. Machine learning will be adopted to scan and identify common and new patterns that are characteristic of scammers and scam SMS messages, keeping pace with the evolving tactics of scammers.

Reference materials

The following materials are available on the IMDA website www.imda.gov.sg: