Tag: SMS

Singapore – Digital wealth advisory platform Endowus has partnered with customer engagement platform Twilio to enhance security on their platform and build client trust. 

Endowus worked with Twilio to implement various security measures to safeguard its ecosystem and comply with regulations. In particular, the platform needed an advanced verification solution to mitigate the increasing risks associated with bot sign-ups and fraudulent activities. 

This led to the implementation of Twilio Verify, which adds layers of protection by enforcing SMS OTP verification during critical user actions such as logging in or making a withdrawal – thus ensuring that only legitimate users interact with the Endowus platform. 

With Twilio Verify, Endowus also introduced WhatsApp OTPs for customers logging in from overseas, allowing them to securely and reliably access their accounts and make transactions from anywhere in the world. This has been particularly useful in instances where clients are travelling internationally and unable to receive SMS OTPs.

Endowus also leveraged Twilio Verify Fraud Guard, which can identify patterns matching fraudulent SMS schemes, then proactively block or flag these schemes and prevent them from ever reaching the client. For example, the tool can proactively monitor patterns such as the percentage of delivered OTPs which are subsequently successfully verified. 

A drop in verification rates could signal issues like compromised credentials, and Twilio Verify Fraud Guard can identify this occurrence early on and alert the company to investigate and take action quickly. 

Endowus is also looking to explore additional solutions with Twilio to further enhance security on the platform. This includes Twilio Verify Push, which sends a push authentication to a user’s smartphone or tablet, enabling them to securely confirm their identity with a simple tap.

Deepak Sarda, chief technology officer at Endowus, said, “We are constantly reviewing the security and privacy concerns facing our clients today, and it’s essential that we do all we can to mitigate these risks for them. We’ve been able to use Twilio’s standout solutions to significantly strengthen Endowus’ security safeguards, ensuring our clients can engage with our platform worry-free.”

Meanwhile, Robert Woolfrey, vice president of communications for APJ at Twilio, commented, “Investors are increasingly selective about who they entrust their capital to, so fostering assurance is key. This requires a non-negotiable commitment to a robust security posture. At the same time, businesses still need to ensure their user experience is as seamless as possible. With the right tools in place, there’s no longer a need to compromise security for quality – you can engage your customers immersively, meaningfully, and securely all at once. We’re proud to have partnered with Endowus to achieve this.”

Singapore – In the bid to further scam-proof all customer communications through SMS, Infocomm Media Development Authority (IMDA), Singapore’s watchdog for information and communications, has decided to finally make the registration of Sender IDs for SMS mandatory for organisations. 

A pilot SMS Sender ID Registry was first initiated in August 2021, however, with the surge in scams using SMS, IMDA accelerated the setting up of the Singapore SMS Sender ID Registry or SSIR in March this year, where SMS that spoofed or made use of registered IDs on the SSIR were blocked upfront, reducing the risk of scams.

The IMDA said that while SSIR has had an impact, in particular, SMS scam cases declining threefold, it remains to be a voluntary system, and thus concerning the board that this remains to give way for risks of spoofed SMS towards the public. 

“To build stronger scam prevention capabilities, we intend to make SSIR registration a requirement for organisations that use Sender IDs (i.e., a full registration regime). Therefore, only registered Sender IDs will be allowed. All other non-registered Sender IDs will be blocked as a default. This further safeguards SMS as a communication channel,” said IMDA in its official statement. 

Moving forward with the implementation, merchants and organisations that use SMS Sender IDs must register with the SSIR using their Unique Identity Number (UEN), and aggregators who wish to handle SMS with Sender IDs must participate in the SSIR and verify merchants/organisations sign-ups through their UENs

The IMDA said that the said requirements will provide better assurance that only bonafide merchants are using Sender IDs. As a start, the proposed solutions can detect malicious links within the SMS that lead to scam websites; and telcos can then develop solutions to identify patterns of suspicious scam messages and filter them accordingly.

The transition period for orgs will start from October 2022, before the full SSIR registration requirement commences in end-2022.

It would be remembered that at the beginning of the year, regulators in Singapore, particularly its financial authorities MAS and ABS, were urged to encourage banks to scrap clickable links in customer emails and SMS. This followed the OCBC catastrophe in Singapore wherein a phishing scam had nearly 500 customers losing their money amounting to at least S$8.5m.