September 8, 2025
SINGAPORE – When investors log into their Tiger Trade accounts, silent checks are done in the background to verify their SIM card identities. No passwords or one-time passwords are needed, allowing logins on registered devices to be fuss-free despite the security checks.
This is possible after one Singapore telco got into the thick of the action to counter scammers and hackers.
Tiger Brokers, the firm behind Tiger Trade, uses Singtel’s SingVerify service to harness mobile network data for verifying account holders who are also Singtel customers.
Tiger Brokers, which has 2.6 million customers globally, declined to provide the number of customers it has here.
SingVerify matches the location of a login attempt with the location of the customer’s registered mobile number. If there is no match, the error is conveyed to Tiger Brokers, which will then block the login attempt and prompt the customer to use an alternative login method.
“Unlike traditional verification methods that rely solely on user input, SingVerify enables seamless identity checks that reduce the risk of human error and social engineering attacks,” said a spokesman for Tiger Brokers.
The trading platform is one of two businesses in Singapore currently using SingVerify, introduced in March 2024. The other business client, IPification, resells SingVerify to other mobile operators, banks and fintech companies.
Like Singtel, other telcos in Asia have joined the fight against scams using network data such as location and phone numbers.
In Thailand, Thai telecom firm True uses a number verification method to help financial services provider Easy Buy authenticate mobile transactions on its Umay+ cash card app.
In Indonesia, Telkomsel has a number verification service called Telco Verify.
ByteDance-owned TikTok has signed a memorandum of understanding with Telkomsel to adopt Telco Verify for TikTok users in Indonesia. The collaboration will enhance security and convenience for Indonesian TikTok users, as they no longer need passwords to login.
These telcos use open application programming interfaces (APIs) created under the GSMA Open Gateway Initiative for their anti-fraud efforts.
The initiative provides access to open APIs which allow telcos to share location and SIM data with third parties such as banks, e-commerce or trading platforms.
GSMA – an association representing over 1,000 mobile network operators worldwide – declined to reveal how many telcos are using its number verification and location checking APIs to counter fraud. Existing users listed on its website include Airtel (India), AIS (Thailand), Malaysian telcos Axiata and U Mobile, Smart and Globe Telecom in the Philippines and China Unicom.
The association is active in the fraud prevention space as a member of the Global Anti Scam Alliance. The alliance published a Global State of Scams 2024 report saying that scammers had siphoned more than US$1.03 trillion (S$1.32 trillion) worldwide, of which two-thirds of the losses came from Asia-Pacific.
Mr Julian Gorman, the Asia-Pacific chief executive of GSMA, said that the global fight against fraud is more effective when its APIs are adopted by all telcos.
Businesses are more likely to adopt telcos’ anti-fraud API services if they can offer the same defence to all customers, not just those who subscribe to a particular mobile operator, said Mr Gorman.
“Operators naturally move the fastest when banks, merchants and regulators in their market ask for the capability and a clear revenue model is visible,” he said.
One lingering concern with the use of anti-fraud APIs is user privacy.
Singtel said that its SingVerify service is a form of machine-to-machine communication. The content is not viewable by humans.
“The device location API, for instance, gives an indicative location, not exact coordinates,” said Mr Cheong Hai Thoo, Singtel’s vice-president for mobile and networks.
M1 and StarHub declined to comment.
A Simba spokesman said: “Simba has not embarked on the GSMA API implementation as we believe that there are serious issues around privacy and consent, which have not been addressed.”