SME COMMENTARY
This piece responds to reporting by The Straits Times: "Identity thief forged NRIC and tried to secure $2.9m loan using victim's landed property as leverage."
She was supposed to be the film producer. That was the story, anyway — the reason the woman hung back from the rest of the crew, the reason no one was meant to interrupt her. So she moved through the house quietly, taking measurements, noting the dimensions, room by room.
Except producers don't measure houses. Valuers do.
When the homeowner's partner finally asked her directly, the woman admitted it: she wasn't a producer at all. She had been hired to value a property — this property — for reasons no one in the house had agreed to. That single question, asked on a whim during a photo shoot on April 1, is very likely the only reason the homeowner still owns his home today.
Because behind the shoot was one of the more methodical identity frauds Singapore has seen reported in some time. As The Straits Times laid out, someone had forged the homeowner's NRIC, produced a notice of assessment showing nearly $370,000 in income, and registered companies in his name he had never heard of. They engaged not one but two law firms — to lodge a caveat and to obtain a replacement title deed. And they brought the whole thing to within a single step of drawing down a $2.9 million loan, secured against a Katong house that was never for sale and had been fully paid off since 2018.
The owner found out by accident, when a letter arrived from the Singapore Land Authority.
We want to be careful here: the investigation is ongoing, and no party in this chain set out to enable a crime. But sit with the case for a moment and an uncomfortable question forms — not how was the paperwork so good, but how did it get so far? Because every gate this scheme passed through exists, specifically, to stop exactly this.
This wasn't an amateur
Start with what it took to even attempt this.
The target wasn't a random house. It was a property with clean title and no mortgage — fully paid up since 2018 — which is precisely the kind of asset that is straightforward to borrow against. On top of that sat a manufactured income, a corporate footprint, an arranged valuation, and the two legal instruments that turn a home into collateral: a caveat and a replacement deed. Each step was done in a workable order, at the right time.
That is not something you improvise. It reads like the working knowledge of someone who understands how property-backed lending actually runs — which documents a lender scrutinises, and which ones tend to pass with a glance. We're inferring here, not asserting; the case is under investigation and we don't know who did this. But the shape of it points to familiarity with the loan industry itself. When the person on the other side of the table may understand your process as well as you do, the problem isn't a clever forgery. It's the assumption that paperwork can be trusted on its face.
Two victims, not one
It's worth pausing to be clear about who was harmed, because the case involves two separate victims — and the second one is easy to miss.
The first is the homeowner. His identity was used, his property targeted, his name attached to the loan.
The second is a woman the homeowner has never met. According to the reporting, her own company was compromised: the homeowner's details were added to her business as a director and shareholder without her knowledge or notification. So one victim's identity and property were used to borrow, while another victim's company appears to have been quietly co-opted as the corporate vehicle sitting around the scheme. Two strangers, two different breaches, one operation stitching them together.
That detail matters, because it tells you the fraud relied on more than a single forged card. And it raises a feature of our system that should give every business owner pause: your name can be attached to a company without you ever being told. The homeowner learned of "directorships" he never agreed to. The second victim wasn't notified when his details landed on a company she had registered.
ACRA's framework has real safeguards, but each rests on an assumption worth examining. Changes filed through Bizfile — incorporating a company, appointing a director, updating shareholders — can be authenticated and change via Singpass. That is a strong control, in principle. But it is also the vulnerability: because virtually any change can be pushed through with a valid Singpass login, a compromised credential is enough to make those changes in a person's name, and the system will register the action as genuine. The alternative route, through a registered corporate service provider, leans instead on the CSP performing due diligence and obtaining the director's written consent. Both are designed to confirm real consent. But one trusts a digital credential and the other trusts a manual check — and a determined fraudster simply works out which is softer.
Follow the money — if you can
Here is the question almost no one is asking, and the one we keep coming back to: where was the $2.9 million actually going to go?
A loan this size isn't handed over in cash. It's wired into a corporate bank account. And in Singapore today, you don't open one of those by walking into a branch with a laminated card — increasingly, you open it online, through MyInfo Business, which pulls the company's details and its directors' identities straight from government records via Singpass. The whole system is built to authenticate the real director, digitally, before a cent moves.
Which is exactly why this should be the stage where the scheme falls apart. So why didn't it?
Follow the thread and it leads somewhere unsettling. If a corporate account really was opened in a victim's name to catch the funds, a forged plastic NRIC was never going to be enough — MyInfo Business would have demanded a live Singpass login. And remember the second victim, the woman whose company had the homeowner quietly added as a director. That company is a natural candidate for the receiving vehicle. So whose Singpass cleared the account? One of theirs — used in the dark, while they had no idea their digital identity was being driven by someone else?
We can't answer that, and we won't pretend to. But the possibilities are narrow, and none of them is comfortable:
A victim's Singpass was compromised and used through MyInfo Business to e-open a corporate account remotely — no branch visit, no face-to-face, just credentials. That would point to a breach far deeper than a forged card.
The account ran through one of the companies already registered, including the second victim's, primed to receive the proceeds.
A potential separate receiving account further down the chain was waiting to take the funds.
Whichever it was, the lesson for lenders is the same. The disbursement account is the chokepoint — the one stage of this that is genuinely hard to fake, unless the digital identity behind it has already been stolen. So ask the hard questions before the money moves: who controls this account, when was it opened, and have we confirmed — independently — that the human behind it is the human on the loan? And if the account looks suspiciously clean? That might not be reassurance. That might be the tell.
Nobody stood in the room
A valuer got inside the house. Lawyers filed the instruments. But here's what we keep wondering: did anyone on the lender's side ever stand in that home and look the borrower in the eye?
A site visit is one of the cheapest safeguards there is, and there's a strong case for doing it twice — once when the case is first assessed, to meet whoever is presenting as the owner and see the property, and again at signing, conducted at the subject property itself rather than in a lawyer's office or a coffee shop.
Picture how fast this unravels if signing happens inside the Katong house. The real owner is there. The antiques are his. The face doesn't match the forged NRIC — the document reportedly showed a bespectacled man, and the owner doesn't wear glasses. Months of careful forgery come undone in a five-minute conversation on the doorstep. The valuer made it into that house under false pretences. The question is why a lender's own eyes never did.
How lenders ringfence this
We don't believe in admiring a problem, so here's what we'd treat as the baseline — not aspiration, but practice.
Verify identity digitally, not on paper. For property-backed loans of any real size, Singpass-based verification with facial recognition is a far stronger foundation than a physical document. This is why, at SmartLend, we verify our borrowers via Singpass. It isn't foolproof — as this case shows, a digital identity can itself be stolen — but it's a meaningful first ringfence that a forged card alone cannot clear. It also shuts a second door: a verified borrower's income can be drawn straight from the authoritative source, which would have flagged that fabricated $370,000 notice of assessment for exactly what it was. Income confirmed through a live Singpass session doesn't match a forged one. And if a borrower can't, or won't, complete that verification — that itself is worth noting.
Stand in the room. Twice. Meet the borrower at the property, at assessment and again at signing. A lender whose only physical look at the asset is outsourced to a third-party valuer is, in a real sense, lending blind.
Treat the disbursement account as a control, not a formality. Confirm independently that the receiving account is controlled by the verified borrower, and note when and how it was opened. This is the chokepoint — guard it like one.
Check the corporate story against the human. An income that rests entirely on companies incorporated in the last year or two, with no operating history you can independently verify, deserves more scrutiny, not less.
Assume the counterparty may know your process. Designing your checks as though the borrower understands your internal steps isn't cynicism. As this case suggests, sometimes they do.
The honest takeaway
The homeowner reportedly described himself as both unsettled and almost amazed at how far the scheme travelled — through a registry, a bank's processes, two law firms, a credit company. The reaction makes sense.
But here's how we'd put it. This wasn't a brilliant crime that outwitted a careful system. It was an ordinary crime that found a system running on trust at every gate — and every one of those gates exists to stop precisely this. The forgery was good. It didn't need to be that good.
None of this is about blame; the investigation will sort out responsibility, and we've been careful not to get ahead of it. It's about the lesson, which is simple enough: documents lie, and the defences that actually hold are the ones that confirm a real person — digitally and in the room — before money moves.
At SmartLend, we don't see due diligence as friction to apologise for. We see it as the product. The safest way to lend is to assume the person across the table might know exactly where your weaknesses are — and to build every ringfence as though, one day, someone will.
Source: The Straits Times, "Identity thief forged NRIC and tried to secure $2.9m loan using victim's landed property as leverage." Read the original report here. All factual details about the case are drawn from this reporting; the analysis, inferences and recommendations are SmartLend's own.
Need financing support for your SME? Visit smart-lend.com — no broker fees, ever.
Your Loan Profile Is Costing You — Find Out Why, Free
SmartLend gives you free access to your CBS credit report + a full eligibility check across 45+ lenders — in one application, zero broker fees.
See exactly where you stand before any bank does.
Someone just spent $236,000,000 on a painting. Here’s why it matters for your wallet.
Late last year, a Klimt sold for the highest price ever paid for modern art at auction.
An outlier sure, but it wasn't a fluke. U.S. auction sales grew 23.1% in 2025. The $1-5mm segment even grew 40.8% YoY.
Meanwhile, Apollo’s chief economist Torsten Slok said to expect ‘zero in return in the S&P 500 over the coming decade.’
Each environment is unique, but after dot-com, post war and contemporary art grew about 24% annually for a decade. After 2008, about 11% for 12 years.
It’s also had near-zero correlation with the S&P 500 since ‘95.*
Now, Masterworks lets you invest in shares of artworks featuring legends like Banksy, Basquiat, and Picasso.
$1.3 billion invested across over 500 artworks.
28 sales to date.
Net annualized returns on sold works held 12 months+ like 14.6%, 17.6%, and 17.8%.
Shares can sell quickly, but my subscribers can skip the waitlist:
*Investing involves risk. Past performance is not indicative of future returns. See important Reg A disclosures at masterworks.com/cd.
We've partnered with GetGreenr — because building a smarter financial future starts with a smarter planet.
As a business owner, your office is likely sitting on a quiet cost centre you haven't thought about — outdated laptops, retired terminals, old mobile devices cycling out of use.
Instead of writing them off, our partners at GetGreenr offer a smarter exit for your old equipment. GetGreenr is a Singapore-based startup that collects end-of-life corporate electronics, refurbishes them responsibly, and gives them a certified second life — diverting e-waste from landfills while recovering residual value for your business.
At SmartLend, sustainability isn't just a buzzword — it's increasingly a business imperative, and one that starts with the decisions you make every day. Partnering with GetGreenr is one of the simplest ways your company can take a measurable step towards greener operations, with zero hassle. Ready to clear out your old office tech responsibly?
Here's how it works:
📦Schedule a collection for your old devices
💰 Get paid for eligible electronics
♻️ Your device gets certified refurbished and rehomed
No hassle. No guilt. Just a cleaner conscience and a little extra cash.




