We respectfully urge the authorities and the banking industry to pause and reconsider the removal of PayNow nicknames for individual users, currently announced to take effect from 6 June 2026.

The Association of Banks in Singapore (ABS) has announced that PayNow nicknames will be discontinued, and that selected letters of a payee’s bank-registered account name will be shown to the payer instead. ABS has said this is intended to strengthen protection against impersonation scams by preventing scammers from using misleading PayNow nicknames. ABS also states that partial masking is meant to safeguard privacy and add friction against name harvesting.

We support stronger anti-scam measures. However, this specific change appears counterintuitive and may create a new privacy and scam risk for ordinary Singaporeans.

PayNow works by allowing transfers using identifiers such as a mobile number, without needing to know the recipient’s bank account details. ABS’s own PayNow page states that users can transfer by entering a recipient’s mobile number or NRIC/FIN, and then verify the recipient’s name before confirming the transfer.

This means PayNow is not only a payment system. It can also function as a lookup system. If a person has someone’s mobile number, they may be able to enter it into PayNow and see part of that person’s bank-registered name.

THAT is the core concern.

Under the current system, users who value privacy can choose a nickname. This provides complete masking of their real registered name from casual lookup. Under the proposed system, users lose that choice. Instead, their bank-registered name will be partially revealed by default.

Partial masking is not the same as privacy.

In the examples circulated, names such as “MuhamXXX HakXXX” and “ChXX ShX HuX” are not hard to infer as “Muhammad Hakeem” and “Chan Shi Hui”. For short names, the issue becomes even worse. A name like “John Tan”, “Lim Wei”, “Tan Kai”, or “Lee May” may be almost impossible to meaningfully mask without giving away the full name or making it easily guessable.

With modern AI tools, common Singaporean name patterns, and basic search techniques, partially masked names can often be reconstructed. For many people, especially those with common names, partial masking gives a scammer enough information to sound credible.

This is why the proposed approach may weaken one of the most basic anti-scam habits: do not reveal or confirm personal information unless the other party first proves they already have a legitimate reason to know it. Singapore’s official scam advisories already warn that scammers may cite personal information, such as names or NRIC numbers, to appear legitimate, and that people should not automatically trust someone just because the caller has such information.

But if PayNow makes it easier for scammers to connect mobile numbers with real bank-registered names, scammers can begin calls and messages with a much more convincing opening:

“Hi, is this Ms Chan Shi Hui?”
“Hi Muhammad Hakeem, I’m calling from…”
“Hi Mr Tan, this is regarding your account…”

This makes scam calls, fake friend scams, impersonation scams, phishing attempts, and WhatsApp scams more convincing.

Many data leaks and compromised databases already include mobile numbers. In many cases, the name in a leaked database may be incomplete, outdated, misspelled, or an alias, but the mobile number is often real because it is used for OTPs, delivery, bookings, accounts, and customer service. The proposed PayNow change may give scammers a new way to enrich such leaked data by tying a phone number to a bank-registered real name.

Members of the public have already raised this exact concern online. In one Reddit r/singapore discussion about the PayNow change, a user noted that a scammer could key a number into PayNow, obtain enough of the real name, and then call or message the person by name to appear more legitimate.  In another earlier discussion, users described concerns about strangers using PayNow-related name displays to identify or message them.

Even UOB’s PayNow page previously advised users: “For cyber security reasons, please do not use your full name as your PayNow name.”  This advice aligns with what many Singaporeans already understand: displaying one’s full real name in a payment lookup flow can create privacy and scam risks.

The current proposal removes the user’s ability to follow that protective approach.

The problem is not that anti-impersonation measures are unnecessary. The problem is that this measure solves one problem by creating another. A scammer pretending to be a business or trusted person should not be allowed to freely set a deceptive PayNow nickname. But ordinary Singaporeans should also not be forced to expose parts of their bank-registered name to anyone who has their mobile number.

This is especially concerning for:

•  people receiving unwanted calls or messages;
•  minors and young adults;
•  public-facing workers;
•  gig workers and freelancers;
•  people selling items online;
•  people using PayNow with strangers on Carousell, Telegram, WhatsApp groups, or community chats;
  victims of harassment or stalking;
•  people who intentionally use nicknames for safety and privacy;
•  people with short or easily guessable names.

We therefore ask the Government, MAS, ABS, and participating banks to reconsider the current implementation and adopt a more privacy-preserving solution.

 

Our Requests
We respectfully ask for the following:

• Pause the 6 June 2026 implementation until a public consultation or privacy impact review is conducted.
• Retain PayNow nicknames for individual users, or allow users to choose complete masking of their real registered name.
• Give users control over name visibility, such as: full name display, partial name display, nickname display, initials only.

The goal should not be “more information shown to everyone”. The goal should be safe payment confirmation without creating a public name-discovery tool.

Please protect Singaporeans from both impersonation scams and personal data exposure.

Keep PayNow nicknames, or provide a complete masking option before removing them.