SINGAPORE

In a significant move, banks across Singapore are undertaking a comprehensive review of their practices regarding the use of National Registration Identity Card (NRIC) numbers, according to a statement released by the Association of Banks in Singapore (ABS) on Thursday, December 19.

The ABS has responded to growing public concerns following a recent incident involving the exposure of full NRIC numbers, which sparked anxiety and outrage among citizens. Addressing these fears, the ABS reassured consumers that NRIC numbers alone cannot facilitate payments or fund transfers, highlighting the importance of multi-factor authentication for online banking. This additional security layer is vital for higher-risk activities, such as high-value fund transfers or adding new payees.

The ABS emphasized the essential role of NRIC numbers in customer identification, particularly in scenarios where individuals have the same name or when urgent assistance is needed to thwart fraudulent transactions. They acknowledged that while NRIC numbers serve necessary functions, the organization is actively reviewing existing practices to enhance customer security.

"We seek customers’ understanding that some existing practices may be changed as a result of this review," the ABS stated, urging customers to refrain from using NRIC numbers or other personal identifiable information—like names or birthdates—as passwords.

Similarly, the General Insurance Association of Singapore (GIA) and the Life Insurance Association, Singapore (LIA) also released a joint statement, reinforcing that NRIC numbers alone cannot be used for critical functions such as policy purchases or claims. Insurers are implementing multi-factor authentication protocols for online transactions to protect policyholders further.

The heightened scrutiny around NRIC usage comes in the wake of a troubling incident involving the Accounting and Corporate Regulatory Authority (ACRA), where users of the new Bizfile portal were able to see full NRIC numbers in search results. This incident prompted an official apology from the government, acknowledging the distress caused to citizens. Minister for Digital Development and Information, Josephine Teo, expressed regret during a press conference, stating, "We are very sorry to have caused them much anxiety."

Mrs. Chia-Tern Huey Min, ACRA's chief executive, admitted that an oversight had occurred, resulting in the full exposure of NRIC numbers instead of masking them as intended. The government had previously issued a directive aimed at moving away from masked NRIC numbers to bolster security measures but suffered a lapse in coordination.

This ongoing review by financial institutions and regulatory bodies reflects a broader commitment to protecting personal information amidst rising concerns over data privacy and identity theft. As the landscape of digital finance evolves, both consumers and institutions must adapt to safeguard sensitive information.

Stay tuned: What's next in Singapore's banking security overhaul? Don't miss the upcoming announcements—as this crucial story develops!