Singapore's anti-spoof SMS registry shut down, to be replaced with new system

SINGAPORE — A Singapore registry set up to identify and block fraudulent SMS texts will be shut down on Monday (March 7) and replaced with a “full-fledged” system that can identify spoofed messages using protected SMS sender IDs and block these messages upfront.

The Infocomm Media Development Authority (IMDA) said that it had begun onboarding banks, government agencies and other organisations on this new system operated by its subsidiary — the Singapore Network Information Centre — which also runs Singapore’s internet domain name system.

The move came as the original anti-spoof SMS registry is being suddenly shut down. 

The Straits Times reported that the registry’s London-based creator, Mobile Ecosystem Forum (MEF), said its vision for the development and growth of the registry did not match that of IMDA.

Confirming the closure in an email, the firm added: "The decision has been taken to close the registry and allow the regulator to develop its own system according to its own specifications.”

The authorities had earlier called on all retail banks and government agencies here to get on its original registry, which was introduced as a pilot last August, following the spate of recent SMS phishing scams targeting OCBC bank customers.

IMDA said in a statement on Monday that the recent scams have made it clear that a “strong response” is needed.

Hence, it moved to set up a full-fledged registry, called the SMS SenderID Protection Registry (SSIR), that can identify spoofed messages using protected SMS sender IDs and block these messages upfront.

This requires participating organisations to identify their sender IDs and use an aggregator or service provider that is participating in the registry so that they can fulfil these duties. 

This upstream measure differs from the original registry, which would deliver all SMSes, including spoofed messages, and alert the participating organisation only when a message has been identified as potentially fraudulent.

“This more proactive stance to better protect consumers is a regulatory requirement going forward,” said the authority.

“The Monetary Authority of Singapore and the Association of Banks in Singapore are fully supportive of SSIR which will provide Singapore with greater control and flexibility in developing regulatory measures that better protect consumers in Singapore.”

Meanwhile, IMDA said it had decided to conclude the initial pilot, which was done in collaboration with MEF as a commercial service provider.

“MEF had informed that IMDA’s requirements to meet Singapore’s needs going forward are not consistent with its business model,” said the authority.

“As IMDA will be moving towards a more fully-fledged SSIR, the MEF and IMDA have therefore jointly decided to conclude our pilot which has provided us with useful inputs to move on with our new model.”