Regulatory Update: Discontinuation of NRIC Numbers for Authentication

Dear Valued Clients and Partners,

The Monetary Authority of Singapore (MAS), supported by a joint advisory from the Personal Data Protection Commission (PDPC) and Cyber Security Agency of Singapore (CSA), along with a statement from the Ministry of Digital Development and Information (MDDI), requires private sector organisations to stop using full or partial NRIC numbers for authentication and passwords by 30 June 2026. MAS and sector regulators are working with industries such as finance, healthcare, and telecommunications to provide tailored guidance on implementing this change.

Why the update?

‍NRIC numbers, while usable for identification, should not be used for authentication as they are permanent, often publicly known, and vulnerable to misuse. Using them as passwords or combined with personal data increases risks of impersonation, identity theft, and breaches.

What should you do?

• Organisations: Review and update authentication systems to remove NRIC reliance (e.g phase out NRICs as login credentials, default passwords, or part of password combinations).

• Individuals: Do not use NRIC numbers (or combinations like NRIC + birthdate) in any form of password or login, and enable two-factor authentication wherever possible to secure your accounts.

FOMO Pay does not use NRIC numbers for authentication. We fully support these efforts to strengthen data security across the industry. At FOMO Pay, we remain committed to best practices in data protection and cybersecurity.

Thank you for staying informed and secure with us.

FOMO Pay Team

‍