9. Will the administrative contact be held accountable if the registrant’s identity or contact information (i.e. address, postal code, telephone number, fax number and email address) turns out to be inaccurate, incomplete, or even false?
VerifiedID@SG requires the administrative contact of a ‘.sg’ domain name to verify the identity and contact information of the registrant. VerifiedID@SG is aimed at mitigating the use of fake information associated with a ‘.sg’ domain name registration, which will in turn minimise the abuses of the domain name and further enhance the trust among the users of .sg websites.
VerifiedID@SG requires all new .sg domain names registered from 2 May 2013 to undergo compulsory verification using SingPass. The verification is to be carried out by the administrative contact of a domain name to verify the identity and contact information of the registrant. The verification involves two steps:
(a) login to SingPass; (sample screen shot) and
(b) click on a “Verify Identity” button. (sample screen shot)
The administrative contact will be given a grace period of 21 calendar days from the date of registration to verify the registrant’s identity and contact information. If the administrative contact has not done this after the grace period, SGNIC will suspend the domain name.
As an exception under specific conditions, registrants who are unable to arrange for individuals who possess a SingPass ID/account to act as an administrative contact can appoint an organisation with a valid “SGNICID” as the administrative contact. For details, see question 17.
No. Only domain names registered from 2 May 2013 onwards will be subject to the scheme.
Domain names registered before 2 May 2013 will not be affected. However if SGNIC has doubts over the registrant’s authenticity, SGNIC may require the administrative contact to verify the identity of the registrant.
SGNIC is aware that a large number of existing registrants are using ‘organisational’-type administrative contacts for their domain names. It will cause inconvenience to registrants if they are required to replace existing ‘organisation’-type administrative contacts with ‘individual’-type administrative contacts in order to implement identity verification via SingPass. With the existing measures that are in place to mitigate identity abuses, SGNIC is satisfied that existing domain names are not likely to give rise to identity problems. However, if SGNIC has doubts over the identity of any existing registrants, SGNIC may subject the domain names to verification via the VerifiedID@SG scheme on a case-by-case basis. SGNIC may extend the scheme to all existing domain names if deemed necessary.
To check if your domain name falls under the scheme, you can perform a WHOIS search via http://www.sgnic.sg on the domain name. If your domain name does not have a ‘VerifiedID@SG-Mandatory” status, it means that the domain name is not subjected to the VerifiedID@SG scheme.
All domain names have to be registered by real organisations or individuals. By registering, they are in turn responsible for the safe and lawful use of the domain names.
Most of the ‘.sg’ registrants are organisations. At the moment there is no convenient system or method for organisations (including foreign organisations) to verify their identity online. For the registrants to prove their identities, one way is for them to provide paper-based documentary proof, such as the company registration certificates and personal identity documents. This process, however, is time-consuming, and creates inconvenience for registrants.
Conversely, individuals in Singapore can conveniently be identified online using SingPass because Singapore citizens, PRs and foreigners working in Singapore could have been issued with a SingPass ID. An individual can thus act as the administrative contact for a ‘.sg’ domain name and assist in verifying the identity and contact information of the registrant via a convenient online process.
Yes, he can. He should however act as the administrative contact since the system is designed for the administrative contact to verify the identity and contact information of the registrant. This will help simplify the communications and workflow for all parties (registrants, registrars and SGNIC) and minimise any potential confusion.
As an administrative contact, his obligation is to exercise due diligence to check the identity and contact information of the registrant and confirm that it is true. In the event that a domain name is found to be abused for undesirable activities (e.g. fraud) and the identity or contact information of the registrant is incorrect, the administrative contact may be asked to assist SGNIC or any other relevant authority in their respective investigations.
No, provided that he can show that he has exercised due diligence to check the accuracy of the identity and contact information of the registrant. In this case, SGNIC will need his assistance in its investigation.
Where SGNIC believes that the administrative contact has made a false declaration or has provided false, misleading or inaccurate information, SGNIC may bar the administrative contact from performing the task for any new .sg domain name.
No. Registrants themselves are accountable for the proper usage of domain names including the content that is displayed on the website.
Among the many domain name registries in the world, the industry norm is to allow an applicant to register domain names online. Traditionally, registries trust that the applicant has provided accurate and complete registration details such as his identity and contact information. Unfortunately, some applicants abuse this trust and engage in identity theft or provide fake information. Such fake registrations can potentially harm the Internet community. They are often pre-cursors to using the domain names in malicious ways (such as malware distribution, phishing or scams) or any act of misconduct. In addition, in cases of identity theft, the victimised party whose identity has been stolen often suffer the inconvenience and distress of having to prove his innocence.
As Internet applications continue to grow, so does the possibility for abuses in domain names. As more people rely on the Internet for work and leisure, identity theft and fake identity is a growing concern among domain name registries globally.
An effective way of preventing identity theft and fake identity is to require the applicant of a domain name to provide paper-based documentary proof, such as the company registration certificate and personal identity documents before accepting the domain name application; This is a time-consuming process. Not only will it slow down registrations but also creates inconvenience for registrants and registrars. A convenient and highly accessible way is to allow verification to take place online for most of the registrations.
SGNIC registration system is able to leverage on “SingPass” (Singapore Personal Access) to know the identity of the administrative contact of the domain name. He or she can verify the identity and contact information of the registrant and be contacted by SGNIC in its investigations into any inaccurate or false information about the registrant.
When you apply for a new domain name from 2 May 2013 onwards, you will need to provide details of an administrative contact that has a valid SingPass ID (i.e. Singapore NRIC or FIN)*.
The administrative contact must, within 21 calendar days from the date of registration, complete the verification process via the VerifiedID@SG Portal. This can be done by the administrative contact via two ways:
a. Click on the link in an email that will be sent by SGNIC to the administrative contact’s email (sample screen shot), or;
b. Go to VerifiedID@SG portal directly at URL: http://verifiedid.sgnic.sg
*Please note that ‘personalised’ SingPass ID, implemented under the Enhanced SingPass, cannot be accepted because the ‘personalised’ SingPass ID is designed to be accepted only during the SingPass login process within SingPass’s authentication system. E-services such as SGNIC’s system can only accept SingPass ID in the format of Singapore NRIC or FIN.
It should take less than 5 minutes to perform the verification. The process entails a two-step process:
(1) Login via SingPass; (sample screen shot) and
(2) Click on a button to verify the registrant’s identity and contact information upon confirming that the details are accurate. (sample screen shot)
An administrative contact who has proven his online identity via a successful SingPass login can have a more direct one-step verification process for future domain name registrations. To have this added convenience, the administrative contact must add his email to the list of ‘authorised email’ in the VerifiedID@SG portal (after successful login via SingPass). For future domain name registrations, SGNIC’s initial email to the administrative contact will contain a special hyper-link that the user can click to login directly to the VerifiedID@SG portal and continue with the verification process (without the need to login via SingPass).
If a newly registered domain name is not verified by the administrative contact within 21 calendar days of registration, the domain name registration will be suspended (i.e. its website and emails will cease to function). When the domain name has been suspended, anyone can seek a temporary extension of the verification due date by 7 days via this link. The due date can only be extended once.
The domain name will also not be renewable until the administrative contact completes the verification process.
The administrative contact can reset the SingPass password through several ways:
· Use an online password reset feature,
· Visit one of the SingPass counters (for on-the-spot reset), or
· Submit an online request; a pin mailer will be sent to the applicant within 4 working days.
For more details, please refer to SingPass website (http://www.singpass.gov.sg).
If the administrative contact cannot obtain the password in time to complete the VerifiedID@SG verification process, the registrant can consider appointing another person as the administrative contact. The registrar of the domain name can assist the registrant to change the administrative contact.
Under SingPass current guidelines, the following groups of users are eligible to apply for SingPass ID:
· Singapore Citizen and Permanent Resident
· Employment Pass and Personalised Employment Pass holders
· EntrePass holders
· S-Pass holders
· Dependant Pass holders (of EP, PEP, EntrePass and S-Pass holders)
· Selected Work Permit Holders
All registrants should appoint a local administrative contact with a SingPass ID. However, under special exceptions listed below, you may ask your administrative contact to apply for a “SGNICID”.
Entities that may apply for SGNICID are:
· A local organisation that is in the business of registering and managing domain names (e.g. registrars, resellers, law firms, etc.) and is managing a sizable number of .sg domain names (to be determined by SGNIC on case-by-case basis) at the point of application;
· A foreign organisation or foreign individual (without a SingPass ID) who is unable to appoint a local administrative contact with a SingPass ID; or
· An entity that, in SGNIC's sole discretion, would require a SGNICID.
Note that all the entities above must have a local presence and valid Singapore postal address in order to be appointed as an administrative contact for .sg domain names.
SGNICID is only issued under exceptional circumstances (please see question 17 for the pre-requisites).
The SGNICID will be issued after SGNIC has verified the true identity of the applicant. To apply for a SGNICID, the applicant will have to submit the completed form (http://verifiedid.sgnic.sg/sgnicid_app.pdf) with the supporting documents (refer to Annex of the form) for pre-screening and approval (email email@example.com or fax to 66592532). SGNIC will make an appointment with the applicant to submit the application and collect the SGNICID in person at SGNIC’s office. The applicant will need to bring along the documents stated in the form.
Whenever there is a change of the identity or contact information of the registrant or a change of the identity of the administrative contact, the administrative contact needs to perform the verification. If the verification is not performed, the domain name cannot be renewed. A check on SGNIC WHOIS for the domain name will show that the verification of the domain name is pending (“VerifiedID@SG-Pending”), and cannot be renewed (“Server Renew Prohibited”).
A. For a contact (registrant or administrative contact) that has specified an identification number (e.g. UEN, NRIC, etc.), a change of identity occurs when there is a change of the identification number. If there is a change of the “name” but not the identification number, the system will not flag it as a ‘change of identity’. This is to cut down the need for identity re-verification by the administrative contact. For example, if a registrant “Joe Pte Ltd” with Unique Entity Number (UEN) 53001111W has changed its name to “Joe (Singapore) Pte Ltd” but the UEN stays the same as 5300111W, it will not be considered as a ‘change of identity’ and the administrative contact need not perform a re-verification.
B. For a contact (registrant or administrative contact) that has not specified an identification number, a change of identity occurs when there is a change of the organisation name (for organisation-type contact) or first/last name (for individual-type contact) or when an identification number is provided. For example, if a registrant “Peter Goh” with no identification number provided updates to his information with NRIC “8012345A” or change his name to “Peter Goh B C”, it will be detected as a change of identity.
A change of contact information occurs when there is a change of the registrant’s address, postal code, telephone number, fax number or email address.
Whenever SGNIC receives a new domain name registration, a change in the identity or contact information of the registrant, or a change in identity of the administrative contact, SGNIC will send an email to the administrative contact to request for him/her to perform the verification. This will only apply to domain names registered from 2 May 2013 onwards. Domain names registered before 2 May 2013 are not affected. Registrants should ensure that the administrative contact is aware that he or she has been appointed as the administrative contact for the domain name and should perform the verification timely.
To ensure that the notification email reaches the administrative contact, registrants have to ensure that the correct email address is provided. Registrants should also ensure that the email address will remain valid for the whole duration of the domain name’s registration period.
Please also see question 24.
No. For domain names registered from 2 May 2013 onwards, as long as there are no changes to the identity or contact information of the registrant or identity of the administrative contact, there is no need to perform verification. For domain names registered before 2 May 2013, there is no need to perform verifications.
Domain names that are pending verification will show a status of ‘VerifiedID@SG-Pending”. (sample screen shot)
If your domain name does not have a ‘VerifiedID@SG-Mandatory” status, it means that the domain name is not subject to the VerifiedID@SG scheme.
SGNIC will display only the name of the administrative contact in the public ‘.sg’ WHOIS. All other details will not be displayed.
You can login to VerifiedID@SG portal, click on the domain name, click "Stop Daily Reminder Email" button at the bottom of the domain details page and click on the "Confirm" button.
The system will stop sending the daily notification email to you.
You can login to VerifiedID@SG portal, click on the domain name, click "Stop Daily Reminder Email" button at the bottom of the domain details page, put a tick on the box which states "(optional) I am NOT the Administrative Contact of this domain name..." and click on the "Confirm" button.
The system will stop sending the daily notification email to you and also notify the domain name registrant and sponsoring registrar to take appropriate actions.