9. Will the administrative contact be held accountable if the registrant’s identity or contact information (i.e. address, postal code, telephone number, fax number and email address) turns out to be inaccurate, incomplete, or even false?
VerifiedID@SG requires the administrative contact of a ‘.sg’ domain name to verify the identity and contact information of the registrant. VerifiedID@SG is aimed at mitigating the use of fake information associated with a ‘.sg’ domain name registration, which will in turn minimise the abuses of the domain name and further enhance the trust among the users of .sg websites.
VerifiedID@SG requires all new .sg domain names registered from 2 May 2013 to undergo compulsory verification using SingPass/CorpPass. The verification is to be carried out by the administrative contact of a domain name to verify the identity and contact information of the registrant. The verification involves two steps:
(b) click on a “Verify Identity” button. (sample screen shot)
The administrative contact will be given a grace period of 21 calendar days from the date of registration to verify the registrant’s identity and contact information. If the administrative contact has not done this after the grace period, SGNIC will suspend the domain name.
As an exception under specific conditions, registrants who are unable to arrange for individuals/organisations who possess a SingPass ID/CorpPass ID to act as an administrative contact can appoint an organisation with a valid “SGNICID” as the administrative contact. For details, see question 19.
Domain names registered from 2 May 2013 onwards will be subject to the scheme*.
(Effective from 19 April 2020) Domain names registered before 2 May 2013 will be subject to the scheme* once the identity or contact information of the registrant is changed.
If SGNIC has doubts over the registrant's authenticity of any domain name that is not subject to the scheme, SGNIC may require the administrative contact to verify the identity of the registrant.
* Subject to the scheme requires administrative contact to perform first verification for the name; and subsequent verification(s) as and when there is change in the identity or contact information of the registrant, or a change in identity of the administrative contact on the domain name.
VerifiedID@SG was implemented on 2 May 2013. In view of the inconvenience that the large pool of existing registrants (with domain names registered before 2 May 2013) will face if they are required to replace existing administrative contacts with administrative contacts with SingPass/CorpPass IDs, SGNIC will not mandate VerifiedID@SG for such registrants until there is a change of such registrants' identity or contact information. Nevertheless, if SGNIC has doubts over the identity of any existing registrants, SGNIC may subject the domain names to verification via the VerifiedID@SG scheme on a case-by-case basis. SGNIC may extend the scheme to all existing domain names if deemed necessary.
To check if your domain name falls under the scheme, you can perform a WHOIS search via http://www.sgnic.sg on the domain name. If your domain name does not have a ‘VerifiedID@SG-Mandatory” status, it means that the domain name is not subjected to the VerifiedID@SG scheme until there is change of the domain name registrant's identity or contact information.
All domain names have to be registered by real organisations or individuals. By registering, they are in turn responsible for the safe and lawful use of the domain names.
Some of the ‘.sg’ registrants are foreign organisations. At the moment there is no convenient system or method for foreign organisations to verify their identity online. For the registrants to prove their identities, one way is for them to provide paper-based documentary proof, such as the company registration certificates and personal identity documents. This process, however, is time-consuming, and creates inconvenience for registrants.
Each .sg domain registration requires a Singapore administrative contact. Entities in Singapore can conveniently be identified online using SingPass or CorpPass because Singapore citizens, PRs and foreigners working in Singapore could have been issued with a SingPass ID, and CorpPass ID could be issued to businesses and various other types of organisations in Singapore. An entity with SingPass or CorpPass ID can thus act as the administrative contact for a ‘.sg’ domain name and assist in verifying the identity and contact information of the registrant via a convenient online process.
Yes, he can. He should however act as the administrative contact since the system is designed for the administrative contact to verify the identity and contact information of the registrant. This will help simplify the communications and workflow for all parties (registrants, registrars and SGNIC) and minimise any potential confusion.
As an administrative contact, his obligation is to exercise due diligence to check the identity and contact information of the registrant and confirm that it is true. In the event that a domain name is found to be abused for undesirable activities (e.g. fraud) and the identity or contact information of the registrant is incorrect, the administrative contact may be asked to assist SGNIC or any other relevant authority in their respective investigations.
No, provided that he can show that he has exercised due diligence to check the accuracy of the identity and contact information of the registrant. In this case, SGNIC will need his assistance in its investigation.
Where SGNIC believes that the administrative contact has made a false declaration or has provided false, misleading or inaccurate information, SGNIC may bar the administrative contact from performing the task for any new .sg domain name.
No. Registrants themselves are accountable for the proper usage of domain names including the content that is displayed on the website.
Among the many domain name registries in the world, the industry norm is to allow an applicant to register domain names online. Traditionally, registries trust that the applicant has provided accurate and complete registration details such as his identity and contact information. Unfortunately, some applicants abuse this trust and engage in identity theft or provide fake information. Such fake registrations can potentially harm the Internet community. They are often pre-cursors to using the domain names in malicious ways (such as malware distribution, phishing or scams) or any act of misconduct. In addition, in cases of identity theft, the victimised party whose identity has been stolen often suffer the inconvenience and distress of having to prove his innocence.
As Internet applications continue to grow, so does the possibility for abuses in domain names. As more people rely on the Internet for work and leisure, identity theft and fake identity is a growing concern among domain name registries globally.
An effective way of preventing identity theft and fake identity is to require the applicant of a domain name to provide paper-based documentary proof, such as the company registration certificate and personal identity documents before accepting the domain name application; This is a time-consuming process. Not only will it slow down registrations but also creates inconvenience for registrants and registrars. A convenient and highly accessible way is to allow verification to take place online for most of the registrations.
SGNIC registration system is able to leverage on “SingPass” (Singapore Personal Access) and “CorpPass” (Singapore Corporate Access) to know the identity of the administrative contact of the domain name. The administrative contact can verify the identity and contact information of the registrant and be contacted by SGNIC in its investigations into any inaccurate or false information about the registrant.
When you apply for a new domain name from 2 May 2013 onwards, you will need to provide details of an individual-type administrative contact that has a valid SingPass ID (i.e. Singapore NRIC or FIN)* or an organisation-type administrative contact that has a valid Unique Entity Number (UEN)**.
The administrative contact must, within 21 calendar days from the date of registration, complete the verification process via the VerifiedID@SG Portal. This can be done by the administrative contact via two ways:
a. Click on the link in an email that will be sent by SGNIC to the administrative contact’s email (sample screen shot), or;
b. Go to VerifiedID@SG portal directly at URL: http://verifiedid.sgnic.sg
*Please note that ‘personalised’ SingPass ID, implemented under the Enhanced SingPass, cannot be accepted because the ‘personalised’ SingPass ID is designed to be accepted only during the SingPass login process within SingPass’s authentication system. E-services such as SGNIC’s system can only accept SingPass ID in the format of Singapore NRIC or FIN. Please also see question 16 on who is eligible for a SingPass ID.
**Please note that the “UEN” of the organisation, instead of a “CorpPass ID” linked to the organisation, should be provided in the administrative contact because CorpPass ID is designed to be used only during the CorpPass login process within CorpPass’s authentication system to identify which user is designated by the organisation to transact with the e-service. Please also see question 17 on who is eligible for CorpPass.
It should take less than 5 minutes to perform the verification. The process entails a two-step process:
(2) Click on a button to verify the registrant’s identity and contact information upon confirming that the details are accurate. (sample screen shot)
An administrative contact who has proven his online identity via a successful SingPass/CorpPass login can have a more direct one-step verification process for future domain name registrations. To have this added convenience, the administrative contact must add his email to the list of ‘authorised email’ in the VerifiedID@SG portal (after successful login via SingPass/CorpPass). For future domain name registrations, SGNIC’s initial email to the administrative contact will contain a special hyper-link that the user can click to login directly to the VerifiedID@SG portal and continue with the verification process (without the need to login via SingPass/CorpPass).
If a newly registered domain name is not verified by the administrative contact within 21 calendar days of registration, the domain name registration will be suspended (i.e. its website and emails will cease to function). When the domain name has been suspended, anyone can seek a temporary extension of the verification due date by 7 days via this link. The due date can only be extended once.
The domain name will also not be renewable until the administrative contact completes the verification process.
To reset the SingPass password, please visit to SingPass “Reset Password” page <here>.
To reset the CorpPass password, please visit to CorpPass “Reset Password” page <here>.
If the administrative contact cannot obtain the password in time to complete the VerifiedID@SG verification process, the registrant can consider appointing another person as the administrative contact. The registrar of the domain name can assist the registrant to change the administrative contact.
Under SingPass current guidelines, the following groups of users are eligible to apply for SingPass ID:
· Singapore Citizen and Permanent Resident
· Employment Pass and Personalised Employment Pass holders
· EntrePass holders
· S-Pass holders
· Dependant Pass holders (of EP, PEP, EntrePass and S-Pass holders)
· Selected Work Permit Holders
Under CorpPass current guidelines, the following group of entities is eligible to apply for CorpPass ID:
· Local Entities with Unique Entity Number (UEN) - Locally registered organisations that have been issued a UEN by the Accounting and Corporate Regulatory Authority (ACRA) or other UEN-issuance agency.
To find out more and learn about CorpPass, visit the CorpPass “Find Out More” page <here>.
Should you require further support on CorpPass, please visit the CorpPass “FAQ” page <here>.
To learn more about CorpPass functionalities and how to use them, you may view CorpPass step-by-step guides and video guides <here>.
All registrants should appoint a local administrative contact with a SingPass ID or CorpPass ID. However, under special exceptions listed below, you may ask your administrative contact to apply for a “SGNICID”.
Entities that may apply for SGNICID are:
· A local organisation, without a CorpPass ID and is in the business of registering and managing domain names (e.g. registrars, resellers, law firms, etc.) and is managing a sizable number of .sg domain names (to be determined by SGNIC on case-by-case basis) at the point of application;
· A foreign organisation or foreign individual (without a SingPass ID or CorpPass ID) who is unable to appoint a local administrative contact with a SingPass ID or CorpPass ID; or
· An entity that, in SGNIC's sole discretion, would require a SGNICID.
Note that all the entities above must have a local presence and valid Singapore postal address in order to be appointed as an administrative contact for .sg domain names.
SGNICID is only issued under exceptional circumstances (please see question 19 for the pre-requisites).
The SGNICID will be issued after SGNIC has verified the true identity of the applicant. To apply for a SGNICID, the applicant will have to submit the completed form (http://verifiedid.sgnic.sg/sgnicid_app.pdf) with the supporting documents (refer to Annex of the form) for pre-screening and approval (email firstname.lastname@example.org or fax to 66592532). SGNIC will make an appointment with the applicant to submit the application and collect the SGNICID in person at SGNIC’s office. The applicant will need to bring along the documents stated in the form.
Whenever there is a change of the identity or contact information of the registrant or a change of the identity of the administrative contact, the administrative contact needs to perform the verification. If the verification is not performed, the domain name cannot be renewed. A check on SGNIC WHOIS for the domain name will show that the verification of the domain name is pending (“VerifiedID@SG-Pending”), and cannot be renewed (“Server Renew Prohibited”).
A. For a contact (registrant or administrative contact) that has specified an identification number (e.g. UEN, NRIC, etc.), a change of identity occurs when there is a change of the identification number. If there is a change of the “name” but not the identification number, the system will not flag it as a ‘change of identity’. This is to cut down the need for identity re-verification by the administrative contact. For example, if a registrant “Joe Pte Ltd” with Unique Entity Number (UEN) 53001111W has changed its name to “Joe (Singapore) Pte Ltd” but the UEN stays the same as 5300111W, it will not be considered as a ‘change of identity’ and the administrative contact need not perform a re-verification.
B. For a contact (registrant or administrative contact) that has not specified an identification number, a change of identity occurs when there is a change of the organisation name (for organisation-type contact) or first/last name (for individual-type contact) or when an identification number is provided. For example, if a registrant “Peter Goh” with no identification number provided updates to his information with NRIC “8012345A” or change his name to “Peter Goh B C”, it will be detected as a change of identity.
A change of contact information occurs when there is a change of the registrant’s address, postal code, telephone number, fax number or email address.
The following scenarios will trigger an email to the administrative contact that requires him/her to perform first verification for the name:
For names registered on or after 2 May 2013:
· New domain name registrations
(Effective from 19 April 2020) For names registered before 2 May 2013:
· Change in identity of registrant
· Change in contact information of registrant
After the first verification, a subsequent change in the identity or contact information of the registrant, or a change in identity of the administrative contact on all domain names could trigger an email to the administrative contact to request for him/her to perform the verification again.
Registrants should ensure that the administrative contact is aware that he or she has been appointed as the administrative contact for the domain name and should perform the verification timely.
To ensure that the notification email reaches the administrative contact, registrants have to ensure that the correct email address is provided. Registrants should also ensure that the email address will remain valid for the whole duration of the domain name’s registration period.
Please also see question 26.
No. As long as there are no changes to the identity or contact information of the registrant or identity of the administrative contact, there is no need to perform verification.
Domain names that are pending verification will show a status of ‘VerifiedID@SG-Pending”. (sample screen shot)
If your domain name does not have a ‘VerifiedID@SG-Mandatory” status, it means that the domain name is not subject to the VerifiedID@SG scheme.
SGNIC will display only the name of the administrative contact in the public ‘.sg’ WHOIS. All other details will not be displayed.
You can login to VerifiedID@SG portal, click on the domain name, click "Stop Daily Reminder Email" button at the bottom of the domain details page and click on the "Confirm" button.
The system will stop sending the daily notification email to you.
You can login to VerifiedID@SG portal, click on the domain name, click "Stop Daily Reminder Email" button at the bottom of the domain details page, put a tick on the box which states "(optional) I am NOT the Administrative Contact of this domain name..." and click on the "Confirm" button.
The system will stop sending the daily notification email to you and also notify the domain name registrant and sponsoring registrar to take appropriate actions.