Govt intends to stop masking NRIC numbers, says there is not 'much value in doing so'

[mel1888]

You are right. I feel an NRIC number alone, or even together with your name, isn’t enough to hack your money. It’s just one piece of the puzzle and without access to things like passwords, bank details, or other sensitive data.

Like no point or not practical keep worrying about NRIC numbers get leaked…

Caused telcos, HR, insurance agents, secretary and lawyers handle NRIC all the time. PDPA will come into picture about safeguarding these sensitive information.

Fraudster need more than NRIC to sabo you. Like they need the banking info, OTPs, or passwords. Without access to systems or linked sensitive data, just having the NRIC number is not enough.

I think lah I think only. The PDPA come into picture liao. PDPA want every organisation to do away with using NRIC as unique number to identify the person.
Example gym membership needs have their own membership number. Library need to come up their unique library number. Is just like the unique credit card number. So PDPA want to do away with using NRIC number as main number to identify the person.

Except for going to court, hospital, army, Cpf, LTA summon etc. Aka to say our NRIC number belong to government since is issued by government. Hence, NRIC number should only use for doing gov administration stuff.

Bank ask us to create our own user id and password to access our bank account. Only when reset password need NRIC.

Your right bruh. But like u said, its a piece a puzzle...important piece we r giving hackers for free tho.

 

[Ethan_]

I rem nric could be used to collect mask and art kit.

Cause its a unique identifier. Name still can have same. But not IC.

 

[iceblendedchoc]

Oh really?

Maybe they would like to clarify against PDPC guidelines on treatment of NRIC numbers?

https://www.pdpc.gov.sg/guidelines-...her-national-identification-numbers/nric-faqs

Punishment doesn’t apply to government only private sector. I think that is the issue that why they bo chup.

 

[jkohlc2]

Hypocrisy?

I didn't say that

 

[hctawsgs]

Another secretive u-turn by the PAP gov that allows any tom/dick/harry to easily mine our NRIC numbers from ACRA for illegal activities....

Argue with them so much for what? JUST VOTE THEM OUT LAH!!

https://www.pdpc.gov.sg/-/media/Fil...sory-Guidelines-for-NRIC-Numbers---310818.pdf

1.3 As the NRIC number is a permanent and irreplaceable identifier which can potentially
be used to unlock large amounts of information relating to the individual, the
collection, use and disclosure of an individual’s NRIC number is of special concern.
Indiscriminate or negligent handling of NRIC numbers increases the risk of unintended
disclosure with the result that NRIC numbers may be obtained and used for illegal
activities such as identity theft and fraud. The retention of an individual’s physical NRIC
is also of concern. The physical NRIC not only contains the individual’s NRIC number,
but also other personal data, such as the individual’s full name, photograph,
thumbprint and residential address.

 

[Lifeinmotion]

Can't wait when someone scrape the data. Piece the birthdate from other sources. Then package your FB and LinkedIn data plus addresses and resell on the market if haven't so.

 

[OddEye]

This narrative started in govtech actually before publicly mention. Personally I don agree because service line use nric as means to verify the authenticity of the person

 

[GRAVESEED]

Where is the spokesperson's name and NRIC sia knn, die die cannot admit fault and just want to gaslight

 

[Philipkee]

You are right. I feel an NRIC number alone, or even together with your name, isn’t enough to hack your money. It’s just one piece of the puzzle and without access to things like passwords, bank details, or other sensitive data.

Like no point or not practical keep worrying about NRIC numbers get leaked…

Caused telcos, HR, insurance agents, secretary and lawyers handle NRIC all the time. PDPA will come into picture about safeguarding these sensitive information.

Fraudster need more than NRIC to sabo you. Like they need the banking info, OTPs, or passwords. Without access to systems or linked sensitive data, just having the NRIC number is not enough.

I think lah I think only. The PDPA come into picture liao. PDPA want every organisation to do away with using NRIC as unique number to identify the person.
Example gym membership needs have their own membership number. Library need to come up their unique library number. Is just like the unique credit card number. So PDPA want to do away with using NRIC number as main number to identify the person.

Except for going to court, hospital, army, Cpf, LTA summon etc. Aka to say our NRIC number belong to government since is issued by government. Hence, NRIC number should only use for doing gov administration stuff.

Bank ask us to create our own user id and password to access our bank account. Only when reset password need NRIC.

“Hello bank, I am xxx nric s1234567x . Don xx/xx/xxxx. Can you delete my internet banking account? My phone is stolen and I suspect scammers are hacking it. I am using a friend’s hp for this urgent call”

What do you think will happen to your internet banking account? Deleted

Maybe last time was different but now what if a scammer starts an internet bank account with your details? Now any OTP and transaction goes to him. Remember you won’t be informed cos your phone has been reported stolen. Maybe email notification but what if they did it at night?

i actually went for a course where I learned about this tactic but more for healthcare.

 

[qhong61]

MDDI noted that problems arise when the NRIC number is misused, citing examples like when organisations rely on the identifier as a form of authentication to access privileged information or perform privileged transactions.

“But just as our names alone would not be suitable as the basis for such authentication, neither should the NRIC number be used for this purpose,” said MDDI. It added that NRIC numbers, just as names, should not be used as passwords.

“If the NRIC number is used for authentication, it would have to be kept a secret, which would defeat its main purpose as a unique identifier,” said MDDI.

Acknowledging that there has been a practice of using masked NRIC numbers (for example, rendering S0123456A as *****456A), MDDI said that there is no need, and not much value to mask the NRIC number.

“Using some basic algorithms, one can make a good guess at the full NRIC number from the masked number, especially if one also knows the year of birth of the person. That is why public agencies are phasing out the use of masked NRIC numbers to avoid giving a false sense of security,” said MDDI.

It added that the Government’s intent was to change the existing practice of masking the NRIC number only after explaining the issue and preparing the ground.

“We acknowledge that coordination could have been better so that Acra’s move would not have run ahead of the Government’s intent. We apologise for this mistake and for causing anxiety to the public,” said MDDI.

The ministry added: “We recognise that some Singaporeans have long treated the NRIC number as private and confidential information, and will need time to adjust to this new way of thinking about the NRIC number.”

In the coming year, MDDI and the Personal Data Protection Commission will be conducting a public education effort about the purpose of the NRIC number, and how it should be used freely as a personal identifier in the same way names are used, as well as the correct steps Singaporeans ought to take to protect themselves, which involve proper use of authentication and passwords.





https://forums.hardwarezone.com.sg/...tal-development-and-information-mddi.7046191/

So still the old system better?

 

[CHINAUSA]

too late lah, scammers already downloaded all the names and NRIC etc

basically SG are being SOLD OUT openly and easily to scammers by people on TOP. Its an open buffet for them.

No wonder scams on the rise. what PDPA they talking about!

 

[gonewiththesmart]

Hypocrisy?

Ex SPH editor who obediently curated articles according to her paymaster

After she left her 26 years of journalism career, she decided to become a champion of free press and free speech overnight

Just wokeeeeee up

 

[coolmyth]

Can ask the spokesperson to declare their NRIC?

 

[Whispers]

Thought NRIC is sensitive info, thats why only reveal last 4 characters

flip prata on the go??

 

[UptheToon]

Before he open mouth got check with other govt ministry first? They said under pdpa ic is sensitive info that's why they mask ic number leh.

Or now flip prata liao?

 

[NintendoSwitch]

Ministries and Civil service have gone to the dogs since the passing of ah gong

No blame culture. Communicate with your vote.

 

[NintendoSwitch]

will we see the day whereby we need to identify ourselves as I, name, ic number, dob, gender, pronounce, bank balance figure, bank pin code. to verify?


Read HWZ Forum Rules!

Scholars furiously taking down notes for promotion.

 

[DJ Pork Chop]

anyone who says nric is public information should think twice. banks verification info is last few char of ic. masking is even considered because IT IS SENSITIVE INFORMATION. go on the street and ask anyone to pass u their ic like their name? how many will do it? they dont because ic is a more sensitive info used by all org to personally identify you.

if yall wanna push ic being public info, means yall buy in to this extremely poor explaination by the simi mddi.

 

[Courage]

How can something meant to be unique be known to all scammers, fraudsters and loan sharks?