VerifiedID@SG

VerifiedID@SG requires all new .sg domain names registered from 2 May 2013 to undergo compulsory verification using Singpass/Corppass. The verification is to be carried out by the administrative contact of a domain name to verify the identity and contact information of the registrant. The verification involves two steps:

(a) Login to Singpass as Individual (sample screen shot) or Business User* (sample screen shot); and

(b) Click on a “Verify Identity” button. (sample screen shot)

The administrative contact will be given a grace period of 21 calendar days from the date of registration to verify the registrant’s identity and contact information. If the administrative contact has not done this after the grace period, SGNIC will suspend the domain name.

As an exception under specific conditions, registrants who are unable to arrange for individuals/organisations who possess a Singpass/Corppass account to act as an administrative contact can appoint an organisation with a valid “SGNICID” as the administrative contact. For details, see question 19.

* From 11 April 2021, the login process for Corppass has been changed to verify the user’s identity via Singpass first before accessing and transacting with government digital services. While Singpass is used for logins, Corppass will continue to be the one-stop authorisation system for entities to authorise or remove their employees’ access to government digital services on their behalf.

VerifiedID@SG was implemented on 2 May 2013. In view of the inconvenience that the large pool of existing registrants (with domain names registered before 2 May 2013) will face if they are required to replace existing administrative contacts with administrative contacts with Singpass/Corppass accounts, SGNIC will not mandate VerifiedID@SG for such registrants until there is a change of such registrants’ identity or contact information. Nevertheless, if SGNIC has doubts over the identity of any existing registrants, SGNIC may subject the domain names to verification via the VerifiedID@SG scheme on a case-by-case basis. SGNIC may extend the scheme to all existing domain names if deemed necessary.

To check if your domain name falls under the scheme, you can perform a WHOIS search via http://www.sgnic.sg on the domain name. If your domain name does not have a ‘VerifiedID@SG-Mandatory” status, it means that the domain name is not subjected to the VerifiedID@SG scheme until there is change of the domain name registrant’s identity or contact information.

Some of the ‘.sg’ registrants are foreign organisations. At the moment there is no convenient system or method for foreign organisations to verify their identity online. For the registrants to prove their identities, one way is for them to provide paper-based documentary proof, such as the company registration certificates and personal identity documents. This process, however, is time-consuming, and creates inconvenience for registrants.
 
Each .sg domain registration requires a Singapore administrative contact. Entities in Singapore can conveniently be identified online using Singpass or Corppass because Singapore citizens, PRs and foreigners working in Singapore could have been issued with a Singpass account, and Corppass account could be issued to businesses and various other types of organisations in Singapore. An entity with Singpass or Corppass account can thus act as the administrative contact for a ‘.sg’ domain name and assist in verifying the identity and contact information of the registrant via a convenient online process.

No, provided that he can show that he has exercised due diligence to check the accuracy of the identity and contact information of the registrant. In this case, SGNIC will need his assistance in its investigation.

Where SGNIC believes that the administrative contact has made a false declaration or has provided false, misleading or inaccurate information, SGNIC may bar the administrative contact from performing the task for any new .sg domain name.

Among the many domain name registries in the world, the industry norm is to allow an applicant to register domain names online. Traditionally, registries trust that the applicant has provided accurate and complete registration details such as his identity and contact information. Unfortunately, some applicants abuse this trust and engage in identity theft or provide fake information. Such fake registrations can potentially harm the Internet community. They are often pre-cursors to using the domain names in malicious ways (such as malware distribution, phishing or scams) or any act of misconduct. In addition, in cases of identity theft, the victimised party whose identity has been stolen often suffer the inconvenience and distress of having to prove his innocence.

As Internet applications continue to grow, so does the possibility for abuses in domain names. As more people rely on the Internet for work and leisure, identity theft and fake identity is a growing concern among domain name registries globally.

An effective way of preventing identity theft and fake identity is to require the applicant of a domain name to provide paper-based documentary proof, such as the company registration certificate and personal identity documents before accepting the domain name application; This is a time-consuming process. Not only will it slow down registrations but also creates inconvenience for registrants and registrars. A convenient and highly accessible way is to allow verification to take place online for most of the registrations.

SGNIC registration system is able to leverage on “Singpass” (Singapore Personal Access) and “Corppass” (Singapore Corporate Access) to know the identity of the administrative contact of the domain name. The administrative contact can verify the identity and contact information of the registrant and be contacted by SGNIC in its investigations into any inaccurate or false information about the registrant.

When you apply for a new domain name from 2 May 2013 onwards, you will need to provide details of an individual-type administrative contact that has a valid Singpass ID (i.e. Singapore NRIC or FIN)* or an organisation-type administrative contact that has a valid Unique Entity Number (UEN)**. 

The administrative contact must, within 21 calendar days from the date of registration, complete the verification process via the VerifiedID@SG Portal. This can be done by the administrative contact via two ways:

a. Click on the link in an email that will be sent by SGNIC to the administrative contact’s email (sample screen shot), or;

b. Go to VerifiedID@SG portal directly at URL: http://verifiedid.sgnic.sg

*Please note that ‘personalised’ Singpass ID, implemented under the Enhanced Singpass, cannot be accepted because the ‘personalised’ Singpass ID is designed to be accepted during the Singpass login process within Singpass’s authentication system. E-services such as SGNIC’s system can only accept Singpass ID in the format of Singapore NRIC or FIN. Please also see question 16 on who is eligible for a Singpass ID.

**Please note that the “UEN” of the organisation, instead of a “Singpass ID” linked to the organisation's Corppass account, should be provided in the administrative contact because the Singpass ID is designed to be used only during the Corppass login process within Corppass’s authentication system to identify which user is designated by the organisation  to transact with the e-service. Please also see question 17 on who is eligible for Corppass.

It should take less than 5 minutes to perform the verification. The process entails a two-step process:

(1) Login to Singpass as Individual (sample screen shot) or Business User* (sample screen shot); and

(2) Click on a button to verify the registrant’s identity and contact information upon confirming that the details are accurate. (sample screen shot)

An administrative contact who has proven his online identity via a successful (Individual/Business user*) Singpass login can have a more direct one-step verification process for future domain name registrations. To have this added convenience, the administrative contact must add his email to the list of ‘authorised email’ in the VerifiedID@SG portal (after successful login). For future domain name registrations, SGNIC’s initial email to the administrative contact will contain a special hyper-link that the user can click to login directly to the VerifiedID@SG portal and continue with the verification process (without the need to login).

* From 11 April 2021, the login process for Corppass has been changed to verify the user’s identity via Singpass first before accessing and transacting with government digital services. While Singpass is used for logins, Corppass will continue to be the one-stop authorisation system for entities to authorise or remove their employees’ access to government digital services on their behalf.

If a newly registered domain name is not verified by the administrative contact within 21 calendar days of registration, the domain name registration will be suspended (i.e. its website and emails will cease to function). When the domain name has been suspended, anyone can seek a temporary extension of the verification due date by 7 days via this link. The due date can only be extended once.

The domain name will also not be renewable until the administrative contact completes the verification process.

To reset the Singpass password, please visit to Singpass “Reset Password” page <here>.

Under Singpass current guidelines, the following groups of users are eligible to apply for Singpass account:

• Singapore Citizen and Permanent Resident
• Employment Pass and Personalised Employment Pass holders
• EntrePass holders
• S-Pass holders
• Dependant Pass holders (of EP, PEP, EntrePass and S-Pass holders)
• Selected Work Permit Holders

Under Corppass current guidelines, the following group of entities is eligible to apply for Corppass account:

• Local Entities with Unique Entity Number (UEN) – Locally registered organisations that have been issued a UEN by the Accounting and Corporate Regulatory Authority (ACRA) or other UEN-issuance agency.

To find out more and learn about Corppass, visit the Corppass “Find Out More” page <here>.

Should you require further support on Corppass, please visit the Corppass “FAQ” page <here>.

To learn more about Corppass functionalities and how to use them, you may view Corppass step-by-step guides and video guides <here>.

All registrants should appoint a local administrative contact with a Singpass account or Corppass account. However, under special exceptions listed below, you may ask your administrative contact to apply for a “SGNICID”.

Entities that may apply for SGNICID are:

• A local organisation, without a Corppass account and is in the business of registering and managing domain names (e.g. registrars, resellers, law firms, etc.) and is managing a sizable number of .sg domain names (to be determined by SGNIC on case-by-case basis) at the point of application;
• A foreign organisation or foreign individual (without a Singpass account or Corppass account) who is unable to appoint a local administrative contact with a Singpass account or Corppass account; or
• An entity that, in SGNIC's sole discretion, would require a SGNICID.

Note that all the entities above must have a local presence and valid Singapore postal address in order to be appointed as an administrative contact for .sg domain names.

SGNICID is only issued under exceptional circumstances (please see question 19 for the pre-requisites).

The SGNICID will be issued after SGNIC has verified the true identity of the applicant. To apply for a SGNICID, the applicant will have to submit the completed form (http://verifiedid.sgnic.sg/sgnicid_app.pdf) with the supporting documents (refer to Annex of the form) for pre-screening and approval (email [email protected] or fax to 66592532). SGNIC will make an appointment with the applicant to submit the application and collect the SGNICID in person at SGNIC’s office. The applicant will need to bring along the documents stated in the form.

A. For a contact (registrant or administrative contact) that has specified an identification number (e.g. UEN, NRIC, etc.), a change of identity occurs when there is a change of the identification number. If there is a change of the “name” but not the identification number, the system will not flag it as a ‘change of identity’. This is to cut down the need for identity re-verification by the administrative contact. For example, if a registrant “Joe Pte Ltd” with Unique Entity Number (UEN) 53001111W has changed its name to “Joe (Singapore) Pte Ltd” but the UEN stays the same as 5300111W, it will not be considered as a ‘change of identity’ and the administrative contact need not perform a re-verification.

B. For a contact (registrant or administrative contact) that has not specified an identification number, a change of identity occurs when there is a change of the organisation name (for organisation-type contact) or first/last name (for individual-type contact) or when an identification number is provided. For example, if a registrant “Peter Goh” with no identification number provided updates to his information with NRIC “8012345A” or change his name to “Peter Goh B C”, it will be detected as a change of identity.

The following scenarios will trigger an email to the administrative contact that requires him/her to perform first verification for the name:

For names registered on or after 2 May 2013:

▪ New domain name registrations

(Effective from 19 April 2020) For names registered before 2 May 2013:

▪ Change in identity of registrant
▪ Change in contact information of registrant

After the first verification, a subsequent change in the identity or contact information of the registrant, or a change in identity of the administrative contact on all domain names could trigger an email to the administrative contact to request for him/her to perform the verification again.

Registrants should ensure that the administrative contact is aware that he or she has been appointed as the administrative contact for the domain name and should perform the verification timely.

To ensure that the notification email reaches the administrative contact, registrants have to ensure that the correct email address is provided. Registrants should also ensure that the email address will remain valid for the whole duration of the domain name’s registration period.

Please also see question 26.

You can perform a WHOIS search via http://www.sgnic.sg on the domain name. Domain names that are verified will have a status of “VerifiedID@SG-OK”. (sample screen shot)

Domain names that are pending verification will show a status of ‘VerifiedID@SG-Pending”. (sample screen shot)

If your domain name does not have a ‘VerifiedID@SG-Mandatory” status, it means that the domain name is not subject to the VerifiedID@SG scheme.

You can login to VerifiedID@SG portal, click on the domain name, click "Stop Daily Reminder Email" button at the bottom of the domain details page and click on the "Confirm" button.

The system will stop sending the daily notification email to you.

You can login to VerifiedID@SG portal, click on the domain name, click "Stop Daily Reminder Email" button at the bottom of the domain details page, put a tick on the box which states "(optional) I am NOT the Administrative Contact of this domain name..." and click on the "Confirm" button.

The system will stop sending the daily notification email to you and also notify the domain name registrant and sponsoring registrar to take appropriate actions.