Overhauled and expanded, Singpass now critical to online and offline services in Singapore

March 4th, 2021 | by Alfred Siew
Overhauled and expanded, Singpass now critical to online and offline services in Singapore
Cybersecurity
0
New Singpass logo. IMAGE: GovTech handout

After the launch of a mobile app in 2018 and with its use now expanded to contact tracing, Singpass is getting a new logo today to reflect its central role in Singapore’s smart nation ambitions.

The “i” in Singpass now shows a keyhole, befitting its status as a national digital ID that gives access to a multitude of services. As GovTech, the government agency behind it, explains, this also represents a human silhouette to reflect the citizen-centric focus.

Launched back in 2003, Singpass is now used to access more than 1,400 everyday services. Besides government agencies, it is utilised by close to 200 private sector organisations, including banks that use it to verify a customer when onboarding him.

The pandemic clearly fuelled the use of Singpass, especially for contact tracing efforts. Transactions last year doubled to over 170 million, GovTech said today.

It’s also fitting that the logo change comes after a massive overhaul of a once forgotten piece of infrastructure in Singapore’s smart nation push.

Ironically, the best thing that may have happened to Singpass was back in 2014, when a series of high-profile data breaches due to a lack of two-factor authentication forced the Singapore government to revamp and upgrade the national digital ID.

Back then, many government agencies didn’t even use Singpass, preferring to have their own login systems for their industries. Getting so many of these agencies, from the taxman to the land transport authorities, in the following years to get on a single platform must have been some task.

Part of this had to do with the setting up of GovTech in 2016 to digitalise government services on a national scale. The next year, it was moved into the Prime Minister’s Office, no doubt to get agencies to get in line with GovTech’s many digitalisation efforts.

One result of that is a much more streamlined national digital ID for citizens to log in to all manners of e-services. Two-factor authentication is built in now, in case you’re wondering.

What really changed the game, however, was the Singpass app in 2018. It enabled citizens to log in to government e-services without remembering a password or using a token.

All they had to do was authenticate a login with a fingerprint scan on their mobile phones to get into a government website securely. Face scans would later be added as well.

In future, the Singpass ID will be used in even more places, such as at retailers to verify the age of a person buying alcohol. Of course, a physical IC is still acceptable, but Singpass is a way to identify yourself not just in the virtual but real world now.

The one question that surrounds all this is whether the growing amounts of data and access to more services will come at greater risk of a data breach, given the frequent cases of late.

To this, it helps to know that transactions on Singpass are encrypted. Plus, users are issued identity certificates by the National Certification Authority, to ensure you are who you say you are when signing a document on your Singpass app, for example.

These measures minimise the risk of fraud, as GovTech argues, but of course, no digital measure today is free from risk. Anything that’s man-made can be unmade, as the saying goes.

Perhaps just as important for GovTech to guard against is mission creep. Singpass as a digital ID will be critical to so many smart nation initiatives, because it enables each citizen to gain secure access to services online and offline.

While it can open up APIs (application programming interfaces) to the private sector, it should restrict these to non-trivial parties.

Banks doing their know-your-customer (KYC) onboarding to prevent fraud should tap on Singpass, but a sports club or karaoke joint signing up new members? A national digital ID may not be necessary.

There are also considerable roadblocks ahead, such as the trust required for users to use face verification that is tied to their Singpass ID, for example.

Understandably and rightly, citizens are a little wary of using their faces for verification, but this will be an important way to transact with less contact in future.

Think of boarding a plane by simply scanning your face (tied to a Singpass ID), or checking into a hotel and unlocking a room door, without having to flash your passport.

Not mere conveniences, these will be critical to a hygienic and safe way to travel in a post-pandemic world. In these cases, trust is especially important. It’s what the Singpass needs to keep building as well, after its successful overhaul.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.