VerifiedID@SG - ICANN · The Problem Registrant can claim to be anyone. e.g. ABC Ltd is registrant...
VerifiedID@SG
Mitigating Identity Theft in .sg Registrations
26 Mar 2014
Ryan Tan
Scope
• The Problem
• Solutions?
• The Plan
• Observations
The Problem
Registrant can claim to be anyone, e.g. ABC Ltd is registrant of ABCbank.com.sg
Not difficult to fake identity or perform identity theft!
• Precursor to other domain name abuses
No consequence even if caught
The Problem
Mitigations
- Investigate ‘suspicious’ cases
- Act on complaints
How serious?
- Those we come to know: couple of cases.
- Those we do not know: No one knows!
Solutions
The “Best” way: Apply in-person with a stack of documentary proofs
• Company registration certificates
• Individual’s identity card, passport etc.
• Authorisation letter
• ….
Solutions
Any other ways?
Need a solution that:
• Provides positive identification of the person performing the registration
• Preserves online & real-time nature of registration
• Allows simple and fast identity verification process
Solutions
• Singapore has a “SingPass” system. (Singapore Personal Access)
• Pretty much anyone who lives or works in Singapore is issued a “SingPass” by the Singapore government (i.e. positively identified by the government).
- Username: <National ID or Foreigner ID>
- Password: <*****>
Solutions
“SingPass” is in use for many existing e-services:
• Buy house
• Buy car
• File income tax
• Apply credit card
• Check retirement account
• and many others...
The Plan
• All .sg domain names already require a local admin contact
• We can further require admin contact to have a valid SingPass ID.
• The admin contact can then authenticate himself via SingPass and vouch for the identity of the registrant!
• For identity theft/fake identity cases, admin contact may be implicated
The Plan
• Admin contact has 21 days to perform verification otherwise domain name will be suspended (i.e. cease to resolve)
• Pretty naggy reminder emails sent daily to:
- admin contact from day 1 to day 21
- registrar from day 11 to day 21
- registrant from day 14 to day 21
The Plan
After registration but before verification
The Plan
2-step process
< 5 minutes
The Plan
“Success” emails sent to admin contact and registrant for information
After verification
The Plan
After years of preparation, we launched a 6-month pilot trial on 2 May 2013.
Observations
• Very little negative feedback
• No drop in registration volume
• 75% of admin contacts verify within 24 hrs; 99% within 21 days
• Quality of registration data improved!
• No suspected identity theft or fake identity cases (May to Oct 2013)
• Increase in email and phone queries
• Converted to permanent scheme since Nov 2013.
Summary
Before:
Claims that ABC Ltd is registrant of ABCbank.com.sg?
After:
S7098765A
Real person to verify online that ABC Pte Ltd is the registrant
Thank You