SEVERAL social media apps and e-commerce platforms will be required from next week to put in place measures to proactively disrupt scams and malicious cyber activities affecting their Singapore-based users.
The Ministry of Home Affairs (MHA) on Friday (Jun 21) said the popular social media platforms – Meta-owned Facebook, WhatsApp and Instagram, as well as Telegram and WeChat – which “present the highest risk of scams” to local users, will be subject to the Online Communication Code as designated online services on Jun 26.
The code is a provision under the Online Criminal Harms Act, which was passed by Parliament in July last year.
Under it, designated online services will be required to proactively detect and take necessary actions against suspected scams and malicious cyber activities.
They will also need to deploy safeguards to prevent the spread of malicious activities. These include “reasonable verification measures” to prevent bots from being created to spread scams and malicious cyber activities.
MHA did not specify what these measures could be.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
The designated online services must submit an annual report on the implementation of the systems, processes and measures that they have taken to meet the requirements of the code.
Fighting scams
Popular e-commerce platforms – Carousell and Facebook’s Marketplace, Advertisements and Pages services – will from next week be roped into the fight against scams, with the E-Commerce Code also taking effect on Jun 26.
MHA said these online services “facilitate e-commerce activities and pose the highest risks of e-commerce scams among other services in Singapore”.
Besides the requirements put in place in the Online Communication Code, online services governmed by the E-Commerce Code will have to meet additional requirements.
These include using government-issued records to verify users who advertise or post about the sales of goods or services, and providing payment protection mechanisms that require delivery of goods or services to be verified before payment is released to sellers.
“We will allow the designated online services to only apply the user-verification requirements on those they identify to be risky, for a start,” the ministry said.
“Should the e-commerce scam situation fail to improve, we will require the services to expand the coverage of the verification requirements, such that more users need to have their identity verified.”
Under the E-Commerce Code, Carousell will have to verify the identity of all sellers by Apr 1, 2025.
In response to the announcement on Friday, Carousell chief of staff Tan Su Lin said the company’s existing measures are already “largely in line” with the E-Commerce Code.
For instance, users in its high-risk categories, such as “Property” and “Tickets and Vouchers” have been subject to Singpass verification checks.
“While we do not have plans to make it mandatory for all users, we will be deploying Singpass verification checks in a more targeted approach for high-risk scenarios from late June, to balance user safety with user experience.
“This means that should our AI (artificial intelligence) system detect behaviour similar to known scam patterns or policy violations, the user will receive a notification to verify their identity to continue using our platform,” she said.
Meanwhile, Facebook will have until Mar 1, 2025, to verify the identity of all marketplace sellers and until Apr 1, 2025, to verify all advertisers on its service.
While Facebook Pages is designated under the E-Commerce Code, MHA said it will waive the two additional requirements “for now” so that Facebook can prioritise implementing user verification for its marketplace and advertisements services. It did not say when it will reimpose the requirements on Facebook Pages.
Facebook was criticised by Minister of State for Home Affairs Sun Xueling in February for its lack of cooperation with the government in fighting scams. She added that Meta, Facebook’s parent company, has consistently pushed back against MHA’s recommendations to put safeguards in place.
Under the Online Criminal Harms Act, an online service provider can be issued a rectification notice to correct non-compliance with the codes of practice by a specified time. It is a criminal offence for companies to fail to comply with the rectification notice.
Designated online services can also be issued implementation directives which specify that the service implement a system, process or measure to address the risk of scams or malicious cyber activities.
