Last month, the cybercrime chief of the National Bureau of Investigation (NBI) played a video of his agents successfully registering a fake PhilHealth ID through a portal of Globe Telecom Inc. While these sorts of tests are routine at the NBI, this particular vulnerability stood out enough for Senator Grace Poe to call it an outright “insult”. The video in question: NBI agents using a photo of a smiling monkey to successfully bypass the SIM Registration Act.
All this took place during a Senate public services committee hearing into the proliferation of text scams in the country. During the hearing, NBI cybercrime chief Jeremy Lotoc presented the video in question to an audience of lawmakers and private sector partners, including representatives from Globe Telecom.
“It is adding insult to injury that a smiling monkey can register a SIM card,” said Sen. Grace Poe. “It’s looking like what we have now is not really sufficient. We will have to go back to the drawing board.”
NTC’s Measures Against Scams
Republic Act 11934, popularly known as the SIM Registration Act, was signed into law in October 2022 to combat cybercriminal activities and safeguard Filipinos against digital crimes. This law came in response to the still ongoing waves of text scams in the country.
Almost exactly one year ago, the NTC directed telecommunications companies to block or deactivate domains and URLs contained in scam messages. This proactive approach has shown significant results.
From January to June 2023, Globe blocked approximately 2.2 billion scam messages, while PLDT and Smart Communications collectively thwarted over 5 million malicious text messages in February alone. Alarmingly, PLDT reported that more than 200,000 of those messages were attempts to access content supporting online sexual abuse and exploitation of children. As the year progressed, Smart blocked 10 billion attempts to access malicious domains during the first half of 2023.
Flaw in SIM Card Registration
However, the most recent experiment conducted by the NBI’s Cybercrime Division on September 5 revealed a critical flaw in the country’s SIM card registration system. The experiment successfully registered SIM cards using fake IDs featuring the image of a smiling monkey. This, in turn, raised questions about the system’s effectiveness in combating fraud and cybercrimes.
Additionally, on September 14, Information Technology expert Mike Santos registered a Globe SIM in less than three minutes using an image of the cartoon character Bart Simpson from the animated series “The Simpsons.” A similar test with a Smart SIM yielded the same result, with the photo and name of Monkey D. Luffy, a character from the Japanese manga series “One Piece.”
These findings expose a significant vulnerability in the registration process, allowing fake government IDs to be used for SIM card registration. This poses a considerable challenge for authorities in their efforts to trace and identify individuals involved in scams and fraudulent activities, despite the existence of the SIM Registration Act.
Moreover, since the enactment of the law, scammers have adapted their tactics to evade detection and prosecution by sending registered SIM cards a text message stating they need to re-register with the provided link, further complicating efforts to curb fraudulent activities.
Need for Extra Effort
Senator Grace Poe, author and sponsor of the SIM Registration Act, emphasized that the end of SIM registration should signal an intensified crackdown on mobile phone scammers.
Building on a suggestion by Senator Poe, NTC Commissioner Ella Blanca Lopez announced on September 19 that her office issued a memorandum order requiring a live selfie when registering a SIM card, ensuring that those registered are legitimate users. Telecommunications companies have until December 18 to install the necessary technology for live selfies.
However, there is still work to be done. Poe expressed her concerns, stating, “Gumawa tayo ng batas pero mukhang nagkukulang sa implementasyon,” (We made a law, but it seems like there is a lack in implementation). Nearly 114 million SIM cards were registered after the seven-month registration that ended on July 25. But, with recent raids on alleged cyber scam hubs uncovering pre-registered SIMs used in illegal money transfers, Poe emphasized that the problem is not in the law, but in enforcement. She called on authorities to go the extra mile in implementing the law and urged companies to improve their verification process to prevent scammers from misusing SIM cards.
Recommendations for Enhanced Security
As Scam Watch Pilipinas mentioned, “It’s crucial to recognize that the fight against scams in the Philippines is not just a legislative or governmental issue; it’s a community concern that affects us all.” Below are some recommendations gathered to enhance the current system.
- Biometric Verification. Globe recognizes the need to implement a more sophisticated identification solution. Implementing robust biometric verification, such as fingerprints, during SIM card registration can reduce the risk of fake government IDs.
- Strict Enforcement. Adequately enforce the deactivation of unregistered SIM Cards after the registration deadline, and ensure that registered SIMs linked to fraudulent activities are traceable and promptly blocked. Globe acknowledges that effective law enforcement and intelligence that can keep up with cyber criminal activities must also be placed to achieve a scam-free Philippines.
- Increase Penalties. Imposing stricter penalties for sending scam messages to deter potential scammers from engaging in illegal activities.
- Improve Reporting Mechanism. Encourage telecommunications companies, banks, and financial institutions to establish user-friendly reporting mechanisms, such as dedicated hotlines and online portals, to report scams and fraudulent activities.
- National ID System. Pushing for the full establishment and implementation of the national ID system would mitigate the use of various government-issued IDs while hastening the tracking system of fraudulent activities. Atty. Froilan Castelo, General Counsel of the Globe Group, emphasized the need for a national database system for verification, efficiency, and accuracy purposes.
- Public Awareness Campaigns. Raise awareness about the dangers of scams and promote community vigilance to protect individuals from falling victim to scams.
- Digital Literacy Education. Include digital literacy and cyber hygiene in the curriculum for students and offer training programs for vulnerable groups, such as OFWs, senior citizens, healthcare professionals, and SMEs.
- Higher Payment for the 4th SIM Card. Following on with the suggestion of Senator Francis Tolentino, imposing a higher cost for the registration of a fourth SIM card can deter text scammers who often acquire multiple SIM cards for their illegal activities.