Carousell, Facebook Marketplace must verify identity of all sellers if they fail to curb scams: MHA
Carousell and Facebook Marketplace will be allowed to apply user verification requirements on "risky sellers" for a start, says the Ministry of Home Affairs (MHA).
Carousell and Facebook. (Images: Facebook/Carousell, Reuters/Dado Ruvic)
This audio is generated by an AI tool.
SINGAPORE: The Ministry of Home Affairs (MHA) will require Carousell and Facebook to verify the identity of all their sellers if the number of scams reported on the respective platforms "does not drop significantly".
The ministry will assess over a six-month period the effectiveness of both e-commerce platforms' measures to only verify the identity of sellers they deem "risky".
If the scam situation fails to improve, MHA will then require them to apply user verification requirements on all sellers.
This is part of the second tranche of provisions under the Online Criminal Harms Act (OCHA) that was passed in Parliament in July last year, MHA said on Friday (Jun 21). The new measures will come into force on Jun 24.
OCHA targets online content used to facilitate scams and malicious cyber activities.
Under the latest measures, authorities will issue two codes of practice - one for online communication services and another for e-commerce services.
CODES OF PRACTICE
The online communication code applies to online communication services Facebook, WhatsApp, Instagram, Telegram and WeChat, which MHA identified as presenting the "highest risk of scams to Singapore users".
Under this code, providers of these online services must implement systems, processes or measures to detect and act against scams, use "reasonable" verification measures to prevent fake accounts or bots, require strong login verification, and submit an annual report on the implementation of these measures.
Providers of the online communication services will be required to comply with the online communication code by Dec 31.
On the other hand, the e-commerce code applies to online services that facilitate e-commerce activities and "pose the highest risks of e-commerce scams among other services in Singapore".
Facebook Marketplace, Facebook Advertisements, Facebook Pages and Carousell will be required to comply with the code by Dec 31. These platforms accounted for more than 70 per cent of e-commerce scams in 2023.
The code shares the same requirements as the online communication code, with two additional stipulations.
Users must be verified against government-issued records if they advertise or post about the sale of goods and services, or if they intend to do so.
Services must provide payment protection mechanisms that verify the delivery of goods or services before releasing payment to sellers.
"These additional requirements are based on what MHA assesses to be more critical in protecting Singapore end-users from e-commerce scams," the ministry said.
The online communication code, along with the code of practice for e-commerce services, will take effect on Jun 26, MHA said.
USER VERIFICATION REQUIREMENT
Under the e-commerce code, MHA will prioritise the implementation of user verification requirements, which it assessed to be the "most critical to curb scams".
For a start, it will allow Carousell and Facebook Marketplace to only apply verification requirements on "risky sellers" before expanding to more users if the scam situation fails to improve.
"Risky sellers" are users identified by these platforms as potential sources of scams.
MHA said on Friday it will assess the effectiveness of Carousell's measures to verify the identity of "risky sellers" between Jul 1 and Dec 31.
"If the number of e-commerce scams reported on Carousell does not drop significantly, MHA will require Carousell to verify the identity of all sellers by Apr 1, 2025," it said.
A similar assessment will be conducted for Facebook Marketplace between Jun 1 and Nov 30, MHA added
MHA will require Facebook Marketplace to verify the identity of all sellers by Mar 1, 2025, if the number of e-commerce scams reported on the platform "does not drop significantly".
MHA also said that it will require Facebook to verify the identity of all advertisers by Apr 1, 2025, if the number of scam reports arising from advertisements on Facebook "does not drop significantly".
Between Jul 1 and Dec 31, MHA will "assess the effectiveness of Facebook’s measures to verify the identity of risky advertisers", it added.
MHA said it will not implement the user verification measure for Facebook Pages for now to allow Facebook to "prioritise implementing user verification for its Marketplace and advertisements this year".
In a statement to the media on Friday, Carousell said that its users will be required to verify their identities using Singpass if its system "detects behaviour similar to known scam patterns or policy violations". Singpass verification is currently required only for two categories - property and tickets and vouchers.
The marketplace platform will also be launching a safety policy to educate users on "risky behaviours", such as paying directly to the seller before receiving the item, said Ms Tan Su Lin, Carousell's chief of staff.
Meta, which owns Facebook, told CNA on Saturday that it is rolling out "a few initiatives", including verification measures that are being tested for Facebook ads and Facebook Marketplace in Singapore.
"We continue to work with different stakeholders to understand new techniques that scammers deploy, so we can get ahead of their attempts to circumvent our systems," said a Meta spokesperson, adding that it supports the government's efforts to address online scams.
THE ONLINE CRIMINAL HARMS ACT
OCHA, which was passed in Parliament on Jul 5 last year, allows the government to order the takedown of websites, apps and online accounts suspected to be used for criminal activities.
The threshold for ordering a takedown is lower for a particular category of criminal offences – scams and malicious cyber activities.
For scams and malicious cyber activities, directions can be issued "when there is suspicion or reason to believe that any online activity is being carried out in preparation for or as part of the commission" of such offences, said Minister for Communications and Information and Second Minister for Home Affairs Josephine Teo.
The directions may order a person or an online service to stop communicating specified online content, disable the content from being viewed, stop an account from communicating, block access to a web domain, or remove an app from an app store for Singapore users.
Some measures under OCHA took effect on Feb 1, allowing the government to issue directions and orders to limit the exposure of Singapore users to criminal activities on online platforms.
The measures also allow the government "to require information to administer the Act and facilitate investigations and criminal proceedings".
Some criminal offences OCHA covers include those relating to:
- Terrorism and internal security
- Harmony between different races, religions or classes of population
- Incitement to violence
- Breaches of the Official Secrets Act
- Drugs
- Gambling
- Moneylending
- Scams and malicious cyber activities
- Sexual offences such as child abuse and voyeuristic material
PAYMENT PROTECTION MECHANISMS
MHA said it would waive the requirement on payment protection mechanisms for now to allow services to prioritise implementing user verification, adding that it would reassess this in 2025.
The need for this requirement will be assessed based on the effectiveness of the user verification measures in reducing e-commerce scams, it said.
The ministry also said it will "review the list of designated online services regularly based on the prevailing scam situation".
MHA added that all designated online services, including Carousell and Facebook Marketplace, are required to submit a report on the implementation of measures to comply with the requirements in the codes of practice.
"The competent authority will assess the adequacy of these measures and decide if further or enhanced measures would be required," it said.
For Carousell and Facebook Marketplace, if the competent authority assesses that the measures are inadequate - for example, if there is no significant drop in the number of reported e-commerce scams - it may issue a new code application notice to require them to verify the identity of all sellers.
If a provider of a designated online service has not complied with any requirement applicable to it, a rectification notice may be issued to it to correct the non-compliance by a specified time.
"Failure to comply with the rectification notice is a criminal offence," said MHA.
An implementation directive may also be issued to the provider to "implement a specific system, process or measure to address the risk of scams or malicious cyber activities", it added.
