Singapore has imposed ID verification requirements on Facebook Marketplace sellers to protect users from being scammed, potentially setting a trend that will extend to other jurisdictions.
Singapore's Online Criminal Harms Act (OCHA), which came into effect in full on Monday (June 24), imposes new obligations on social media and e-commerce platforms.
Under the new rules, Facebook Marketplace and Facebook Advertisements will have to verify the identities of all "risky sellers" by the end of 2024.
If verifying these sellers does not lead to a “significant drop” in reported scam activity, the platforms will be forced to verify all sellers by Easter 2025.
In future, Facebook Pages will also be required to verify “risky sellers”. However, this requirement has been put on hold so that Facebook can prioritise ID verification for Marketplace and Advertisements.
Singapore’s Ministry of Home Affairs (MHA) designated the three Facebook platforms on the grounds that they pose the “highest risk” of scams to e-commerce users in Singapore.
The only other e-commerce platform that has been designated so far is Carousell, a Singapore-based peer-to-peer (P2P) marketplace for C2C and B2C sales.
The designated platforms must now comply with the E-Commerce Code, which the MHA is authorised to impose under the OCHA.
The code specifies that users who advertise or post about the sale of goods or services on designated platforms, or who intend to do so, should be verified against a government-issued ID.
It also specifies that users should be given an option to use a payment protection mechanism, which requires the delivery of goods or services to be verified before the payment is released.
Instant messaging platforms also face new obligations
The OCHA, which was adopted by the Singapore parliament in July 2023, has come into effect in two tranches, with the first going live in February 2024.
The first set of obligations required online service providers to cooperate with information-sharing requests from law enforcement agencies to facilitate investigations and criminal proceedings.
The second set of obligations, which came into effect on Monday (June 24), introduces “codes of practice” and “implementation directives” designed to strengthen the scam-fighting abilities of designated providers.
In addition to those designated as high-risk e-commerce platforms, the MHA also designated five platforms — Facebook, WhatsApp, Instagram, Telegram and WeChat — as high-risk “online communication services”.
Under the OCHA’s Online Communication Code, designated platforms must implement appropriate “systems, processes or measures” to meet predetermined scam-fighting goals.
The first goal for these platforms is the “disruption of malicious accounts and activities”. This means that designated providers must be able to demonstrate that they are “proactively detecting” and “taking necessary action(s)” against suspected scams and malicious cyber activities.
Designated providers must also implement a “fast-track channel” to facilitate the receipt of reports on scams and malicious cyber activity from law enforcement agencies, and must act on these reports “expeditiously”.
The second objective is the “deployment of safeguards to prevent propagation of malicious activities”. Requirements include having “reasonable” verification measures to prevent the creation and usage of inauthentic accounts or bots for scams and malicious cyber activities, and requiring holders of online accounts to have “strong login verification”.
The final objective, “accountability”, requires the designated providers to submit annual reports on the implementation of the systems, processes and measures described in objectives one and two.
Those designated under the E-Commerce Code must comply with the same obligations as those designated under the Online Communication Code, in addition to the ID verification and payment protection mechanisms described above.
Will other jurisdictions follow?
Singapore may be the first jurisdiction in the world to introduce specific ID verification rules for sellers on Facebook Marketplace and other Facebook platforms.
Regulators in other jurisdictions are likely to take note, given that other stakeholders in payments and e-commerce have been calling for similar rules for some time.
In the UK, as covered by Vixio, TSB has led the major banks in drawing attention to Facebook’s role as a reservoir of scam activity.
In January 2024, the bank published new data showing that Facebook Marketplace accounts for 73 percent of purchase scams reported by its customers.
The bank also estimated that British consumers lost up to £60m to Facebook Marketplace scams in 2023 — an average of £160,000 every day.
Both TSB and Lloyds Bank, which has published similar data, have called on regulators to do more to ensure that Facebook Marketplace users are protected from scammers.
Paul Davis, director of fraud prevention at TSB, said last year that it is “high time” for social media companies to be made financially liable for fraud that originates on their platforms.
In the absence of such controls, TSB’s latest advice is for customers to “avoid” using Facebook Marketplace altogether, due to the high likelihood of being scammed.
ID verification for sellers, as exemplified by Singapore, could be an effective way to reduce the number of fraudulent adverts on Facebook Marketplace and, in future, other social media sites.
Prasad Thandapani, analyst at Vixio Regulatory Intelligence, said other jurisdictions in APAC, such as Hong Kong, Malaysia and Taiwan, are likely to follow suit.
Like Singapore, these jurisdictions also have standardised national ID schemes that are already widely used for other purposes, such as opening bank accounts, paying taxes and registering with a hospital.