Carousell, Facebook Marketplace & others must implement measures to 'proactively disrupt' scams from Jun. 26, 2024

Countering scams and malicious cyber activities.

By
Winnie Li

clock

June 21, 2024, 12:03 PM

Telegram

Whatsapp

Service providers, such as Facebook, Instagram, WhatsApp, Telegram, WeChat, and Carousell, will be required to put in place "appropriate systems, processes, or measures to proactively disrupt" scams and malicious cyber activities affecting Singapore users soon.

The Competent Authority, sited within the Singapore Police Force, will be able to issue Code(s) of Practice (COP), which are part of the framework created under The Online Criminal Harms Act (OCHA).

The framework aims to "strengthen the government's partnership with online services to counter scams and malicious cyber activities," said the Ministry of Home Affairs (MHA) in a Jun. 21 press release.

Earlier in April 2024, Facebook Marketplace and Carousell attained the lowest ratings amongst six major e-commerce marketplaces in the 2024 edition of the E-commerce Marketplace Transaction Safety Ratings published by the Inter-Ministry Committee on Scams.

According to MHA, this is because the two platforms have only implemented "some" of the key safety features, which include measures to verify seller authenticity and monitor fraudulent seller behaviour.

Facebook Marketplace was also the platform used in almost half of e-commerce scams reported in 2023.

COPs to take effect on Jun. 26, 2024

According to MHA, the Competent Authority will issue two COPs, one for Online Communication Services (Online Communication Code) and another for E-commerce Services (E-Commerce Code).

These COPs will take effect on Jun. 26.

Online Communication Code

The Online Communication Code is applicable to five online communication services, which "present the highest risk of scams to Singapore users", according to MHA.

These online services, namely Facebook, WhatsApp, Instagram, Telegram, and WeChat, will be designated on Jun. 26.

Under the Online Communication Code, these service providers "must implement appropriate systems, processes, or measures" to achieve three objectives: quick disruption of malicious accounts and activities, deployment of safeguards to prevent propagation of malicious activities, and achieving accountability.

Requirements to fulfil these objectives include proactively detecting and taking necessary action(s) against suspected scams and having "reasonable verification measures" to prevent the creation and usage of inauthentic accounts or bots for scams, amongst others.

Providers of the designated online services will be required to implement the appropriate systems, processes, or measures to comply with the COP by Dec. 31, 2024.

E-Commerce Code

The E-Commerce Code is applicable to four online services that "facilitate e-commerce activities and post the highest risk of e-commerce scams amongst other services in Singapore," according to MHA.

These online services, namely Carousell, Facebook Marketplace, Facebook advertisements, and Facebook pages, will be designated on Jun. 26 as well.

In addition to the requirements under the Online Communication Code, the E-Commerce Code has two more requirements for user verification and payment protection mechanisms.

These additional requirements "are based on what MHA assesses to be more critical in protecting Singapore end-users from e-commerce scams," said the ministry.

Timeline for implementation

For the implementation of the E-Commcerce Code, MHA will adopt "a risk-calibrated and outcome-based approach" by prioritising the implementation of the user verification requirement.

This is because the ministry assessed this measure to be "the most critical to curb scams".

"We will allow the designated online services to only apply the user verification requirements on those they identify to be risky for a start. Should the e-commerce scam situation fail to improve, we will then require the services to expand the coverage of the verification requirements, such that more users need to have their identity verified," said MHA.

Implementing user verification requirement

The timelines for each provider of these services also vary.

For instance, for Carousell, MHA will assess the effectiveness of its measures to verify the identity of risky sellers between Jul. 1 and Dec. 31, 2024.

Should the number of e-commerce scams reported on Carousell fail to drop "significantly", MHA will require Carousell to verify the identity of all sellers by Apr. 1, 2025.

Likewise, MHA will conduct the same assessment on Facebook Marketplace between Jun. 1 and Nov. 30, 2024.

MHA will require Facebook to verify the identity of all Marketplace sellers by Mar. 1, 2025, if the e-commerce scams reported on the platform do not drop "significantly".

Implementing payment protection mechanisms

MHA said it would also adopt a risk-calibrated and outcome-based approach for the implementation of the payment protection mechanisms requirement.

The ministry will assess the need for this requirement "based on the effectiveness of the user verification measures that the designated online services are putting in place to reduce the number of e-commerce scams".

For now, MHA will wave this requirement "to allow the services to prioritise implementing the necessary processes to comply with the user verification requirement" and "reassess this in 2025".

Implementing other requirements

For the other requirements in the E-Commerce Code, designated online service providers must comply with them by Dec. 31, 2024.

MHA added it will review the list of these services "regularly" based on prevailing scam situations.

More information for both COPs can be found here.

Other counter-scam measures

A Rectification Notice may be issued to the provider of designated online services if they are assessed by the Competent Authority as failing to comply with any part of the COPs applicable to it.

The notice will require the provider to correct the non-compliance by a specified time.

Failure to rectify is a criminal offence.

Additionally, the Competent Authority may also issue Implementation Directives to the provider of any designated online service to implement "a specific system, process, or measure to address the risk of scams or malicious cyber activities".

More information on OCHA can be found here.

Related stories

Top image via Canva


Follow us on Facebook, Instagram, Twitter and Telegram to get the latest updates.

  • image
  • image
  • image
  • image

MORE STORIES

Events