SINGPASS ABUSE
New offences are also proposed under the Computer Misuse Act to target Singpass abuse.
When Singpass users give up or sell their credentials, criminals can use these accounts to register companies, open bank accounts and sign up for new phone lines to carry out scams or other fraudulent acts.
If amendments to the Act are passed, individuals can be prosecuted if they disclose their Singpass credentials while knowing, or having reasonable grounds to believe, that the disclosure was to commit or facilitate the commission of an offence.
Singpass users who give away their credentials will be presumed to have broken the law if they received any gain for the disclosure; knew the disclosure would likely cause wrongful loss to someone; or did not take “reasonable steps” to find out the identity and physical location of the person to whom they disclosed their credentials.
One of the suggested new offences is the disclosure of a user’s own Singpass credentials to facilitate an offence. Those convicted can be jailed for up to three years, fined up to S$10,000, or both.
MHA and SNDGO said that the proposed provisions reinforce the message that Singpass users “must be careful and exercise due diligence with regard to their Singpass credentials”.
“This offence, however, is not intended to capture those who share their Singpass credentials for lawful purposes, such as seniors who need the help of their family members to make Singpass transactions,” they added.
“It is also not intended to capture persons who were genuinely tricked into giving up their Singpass credentials.”
Another proposed offence is obtaining, retaining, supplying, offering to supply, transmitting or making available another person’s Singpass credentials to commit or facilitate the commission of an offence.
This is aimed at criminals who purchase Singpass credentials, as well as syndicates involved in trading Singpass credentials.
First-time offenders can be jailed for up to three years, fined up to S$10,000, or both. For subsequent offences, they can be jailed for up to five years, fined up to S$20,000, or both.
Currently, those who give up their Singpass credentials can be charged with unauthorised disclosure of an access code under the Computer Misuse Act.
MHA and SNDGO said: “It is often hard to prosecute such Singpass users today … as the prosecution has to prove that the Singpass user knowingly disclosed his credentials for wrongful gain or unlawful purposes, or that it would cause wrongful loss, which are difficult to do.”