Singtel’s latest anti-scam offering SingVerify sadly arrived a few months too late for the 21 DBS customers robbed of $450,000 back in January. The move to offer SIM card data as an additional identity assurance at log in will thankfully make it much tougher for stolen credentials to be used in the future. The uncomfortable truth, which I have sadly witnessed first hand through a family member losing both assets and self-esteem from such a con, is that unauthorised account access is often just the final act in a harrowing drama played out across a number of interactions - a heady mix of impersonation, misinformation and manipulation. The worry for us all is that a continued focus on the outcome of this scourge means we may miss the most potent antidote to the root cause.

The common thread across unwitting victims is that their ordeal likely began with some form of impersonation. A loved one in need or, in my uncle’s case, a corporate account update that urgently needed his attention. The vast majority of the $1.4 trillion ill-gotten gains exploit our inability to spot the fraud from the familiar. What we learn from this latest SMS swindle is that despite policy shifts in what companies will and won’t send us, a well crafted message or call that preys on our fears will always trump well-intentioned initiatives. We act on fearful instinct despite our cautious angels. Applying a salve to the open sore that is our potentially exploited account does not deal with our ever present inability to verify what’s what, or more critically who’s who, in the face of a scam.

So how do we intend to stop tricksters earlier in their tracks? Perhaps it’s time we shift our attention to the communication channels that are so often the gateway on the road to financial loss. We’ve all gotten used to the neverending need to KYC or OTP to access most online services. Why do we as consumers then not expect our bank to authenticate itself when they wish to communicate with us? The vigilant may have habitualised the Googling of email domains and cross-checking of Caller IDs - but surely this can’t be the failsafe way for us to trust the communication we receive?

A starting point is to ask what role our devices can play, if any? Having swapped an iPhone for Android of late I can personally attest there is a material difference in the capabilities available. Initiatives like Google’s Verified SMS are a valiant attempt to provide us assurance of authenticity, but personal preferences mean only a percentage of us benefit. The rest left to find their own protection to fend off the 3.4 billion smishes in daily circulation. Compounded with the latest ask of businesses for us to “Click and Accept” our role as honorary scam sniffer, we see first hand the struggle to deliver technology that can protect us effectively.

Regulators also have a role to play here, stepping in to help us discern Peter from Paul - pick your own bad guy in this scenario. The call to action has been loud and clear in light of scam losses reaching unsustainable levels for many economies: Thailand, Indonesia, Malaysia and Vietnam lose over 2% of their equivalent GDP to e-bandits each year. Even here in Singapore, so often opined for its high-trust economy, we are haemorrhaging $4,031 on average per citizen, an unwanted first place if ever there was one.

Their response? The removal of unregistered SIMs and an array of sender restrictions has undoubtedly left us safer, but still uneasily reliant on the perfect execution of upstream checks and balances. Combined with new identity authentication like SingVerify we have a patchwork of approaches that continue to treat Digital Trust as a service to, rather than a collaboration with, those they are looking to safeguard. The common thread is that we as consumers still lack the means to control our own destiny in the face of a scam. Maybe it is this that needs to change.

Take organisations’ approach to data breach protection for example - cyber pros have shifted to a zero trust architecture to safeguard their infrastructure and assets. The requirement: validation of anyone, anything, all the time across a digital interaction. An Everything, Everywhere, All At Once if you will. Would making businesses apply these principles to communications they send be a logical next step? Put in practical terms, imagine a world where any message or call you receive provides a way for you to verify who it’s from, whatever the device and whatever the channel used to communicate with you. With one quick check.

This might sound like a wishful bucket list of wants but this capability is in fact already here. Singapore’s lead in tightening up mobile app standards will greatly help homegrown verification platforms like Ping by Dedoco^TM deliver the foundations for safer omni-channel communication. Secure smartphone apps offer us the dual promise of safe in-app experiences and a verifier-of-record for a broader set of digital interactions. A simple check or notification could displace the threat of impersonation across all channels. Necessity may truly be the mother of invention and save the day.

The question we now need to ask ourselves is are we willing to tolerate a little friction to make this a reality? Having worked in this area for the past year I believe this type of trade-off will be the most impactful way to apply a handbrake on the runaway scam train hurtling toward us. Digital trust can certainly win-out in the face of online threats, but we first must acknowledge that at its core this is a human problem. As such, we must demand the right tools for ourselves as consumers to meet the challenge head on. Governments and corporations will need to provide the means. We may just need to apply pressure to make it happen.

------------

Jason Williamson is founding member of the Singapore Global Anti-Scam Alliance Chapter and VP at PingbyDedoco.com - the first omni-channel verification platform that makes business communication safe, trusted and verifiable for consumers and citizens.