1. Under the E-Commerce Code of the Online Criminal Harms Act (OCHA), Carousell has completed its user verification pilot from July 2024 to June 2025 and has committed to implement additional safeguards targeted at preventing the misuse of verified Carousell accounts for scams.
Background
2. Under the E-Commerce Code, Carousell is required to verify users who advertise or post about the sales of goods and/or services against Government-issued records (“enhanced verification”). Carousell conducted enhanced verification on selected high-risk sellers and advertisers between 1 July and 31 December 2024. On 10 March 2025, the Ministry of Home Affairs (MHA) extended the assessment period of Carousell’s user verification pilot for six months till 30 June 2025. MHA had highlighted that if the number of e-commerce scams on Carousell did not drop significantly over the pilot, MHA would require Carousell to verify the identities of all sellers.
Assessment of Carousell’s Enhanced Verification Measures
3. While the number of reported e-commerce scams on Carousell increased by about 9% between April and June 2025 from the same period last year,[1] there was a 36% decrease in the total reported scams on Carousell.[2] Based on the Singapore Police Force’s investigations, scammers increasingly used Singpass-verified Carousell accounts to perpetrate scams. They gained access to these verified accounts, by:
a. Taking control of verified accounts through malicious means (e.g. phishing of login details);
b. Paying Carousell users to relinquish their verified accounts; or
c. Using stolen or purchased Singpass credentials to verify Carousell accounts.
4. To address this, Carousell has committed to implement the following additional safeguards targeted at preventing the misuse of verified Carousell accounts for scams by 31 January 2026:
a. Improve authentication processes to prevent malicious takeovers (e.g. more secure login options, such as passkey and biometric logins);
b. Suspend accounts detected to have been relinquished to scammers; and
c. Blacklist Singpass credentials used to verify suspended scam accounts from verifying new accounts.
5. MHA will continue to monitor the effectiveness of Carousell’s measures in reducing the number of e-commerce scams and direct Carousell to implement additional measures, if necessary.
6. MHA takes a serious view of the abuse of Singpass accounts. The Police will take enforcement action against Singpass mules if they are found to have abused their Singpass credentials to facilitate scams. MHA is also considering legislating new offences to better act against users who wilfully relinquish Singpass-verified online accounts for criminal purposes.
[1] From April to June 2025, the number of e-commerce scams on Carousell increased to 513 cases, from 470 cases in the same period in 2024.
[2] From April to June 2025, the total number of scams on Carousell dropped to 720 cases, from 1,125 cases in the same period in 2024.
Details of Online Criminal Harms Act Code(s) of Practice
