Tighter Controls and Real-time Anomaly Detection for SIM Card Purchases, Re-registration Patterns and GSM Gateway Misuse

14 Mr Victor Lye asked the Minister for Digital Development and Information whether the Government will consider tighter controls and real-time anomaly detection for (i) bulk SIM card purchases (ii) SIM re-registration patterns and (iii) GSM gateway misuse, given their role in enabling overseas scam calls to appear local.

The Senior Minister of State for Digital Development and Information (Mr Tan Kiat How) (for the Minister for Digital Development and Information): The Government takes a proactive stance against scam calls and has put in place upstream controls to deter the abuse of SIM cards and GSM gateways.

The Infocomm Media Development Authority (IMDA) has worked with the Singapore Police Force (SPF) to tighten SIM card registration rules. Since 1 October 2025, scam mules are barred from subscribing to new mobile lines. From 28 February 2026, each person is limited to 10 postpaid SIM cards across all telecommunication companies (telcos), on top of the existing cap of three prepaid SIM cards per person across all telcos.

In 2025, SPF disrupted more than 105,000 scam-related mobile lines across all telcos. The IMDA, the Government Technology Agency of Singapore (GovTech) and SPF are using data analytics to detect suspicious SIM card purchase and registration patterns to prevent the misuse of SIM cards for criminal activities.

The import, sale and use of GSM gateways are regulated by IMDA. Gateway devices with five or more SIM card slots are prohibited without IMDA's prior approval for import since 1 February 2025.

The Government will continue to review and strengthen our multi-layered anti-scam measures as scam tactics evolve. Those who enable scammers by providing SIM cards or GSM gateway devices will be dealt with severely under the law. Mules who supply SIM cards to scammers may be liable for imprisonment of up to three years and caning of up to 12 strokes.

Mr Speaker: Mr Lye.

Mr Victor Lye (Ang Mo Kio): Thank you, Speaker. I thank the Senior Minister of State for the reply. I also want to refer to the earlier Parliamentary Question, where the Minister of State made a very important point – that prevention is better than cure – in the case of scams.

With regard to what IMDA and the Ministry is doing, may I ask two supplementary questions?

First, is there real-time monitoring – and as was referred to earlier, done as a cross-agency effort and a whole-of-Government effort – to fight scams? Is there a real-time monitoring of unusual data usage, use of GSM gateways and so on?

My second question is, who mandates the monitoring thresholds and the data criteria? Is it set at the macro level or is it left to the individual telcos to determine?

Mr Tan Kiat How: Sir, I thank the Member for the two supplementary questions. Building on what Minister of State Goh Pei Ming had said earlier on the replies to the earlier two Parliamentary Questions, this is a multi-agency effort across different Government agencies – the Ministry of Digital Development and Information, the Ministry of Home Affairs, IMDA, GovTech, SPF and the Immigration and Checkpoints Authority, on the import of GSM gateways – so, it is a multi-agency effort. On top of that, I should also mention the Monetary Authority of Singapore, which is an important player.

And on top of the multi-agency effort, it is also an effort that involves the private sector. We work closely with telcos, financial institutions and banks. We also work together with other important players, including e-commerce platforms. It is a scourge against society and it requires a whole-of-society effort.

So, when the Member talks about the thresholds on SIM cards and prohibition, it is something that we look at together across the different agencies – building on the data that has been collected, certainly by SPF and other agencies as well, and finding the right threshold and refining the threshold depending on the scam tactics involved. So, it is something that is not static but is dynamic, alive and something we look at on a regular basis.

In Chinese, there is a saying: "道高一尺，魔高一丈". Scam tactics are evolving, the bad actors are evolving; and we, the good guys, the defenders are also evolving our tactics.

In that spirit, I want to assure the Member that we are using different tools, including data analytics, to look at scam tactics and the patterns of how they are evolving. But because of operational security considerations, we do not want the bad actors to know what we are doing. Hence, I will not share any of the operation details. But certainly, we are using technology, data analytics, including leveraging technologies like AI.

I also want to make two quick points.

One, a point about the number of cases coming down. The number of cases with phone calls as the first contact method has actually decreased, based on the recent publicly available Annual Scams and Cybercrime Briefs. The number of cases with short message service (SMS) as the first contact method has also decreased about 65% – from 1,285 cases in 2024, to 450 cases in 2025. So, that is progress. But we are not resting on our laurels and we must continue to monitor and take action.

And related to that, I know that some prevention is better than the pursuit of recovery of assets. I know that a number of Singaporeans are also wondering: would my number and name be used to register for SIM cards by mules or by bad actors? IMDA, together with GovTech, has jointly developed a new tool, SIMCardHowMany, you can Google it and look at it online, which allows mobile phone users to check the number of postpaid SIM cards currently registered under their names. This allows the members of the public to check their registered SIM cards included within the postpaid limit of 10 SIM cards. Persons who discover discrepancies or suspects that postpaid SIM cards have been fraudulently registered under their names should inform their telcos immediately.

So, prevention is better than pursuit of losses after that.