NPC orders Globe to adopt stricter protocols in replacing SIM cards

The National Privacy Commission (NPC) ordered Globe Telecom, Inc. to have stricter protocols in replacing prepaid SIM cards after recent reports of consumers falling victim to identity theft, leading to their online bank account being breached.

In a statement on Tuesday, NPC said Globe committed itself to enforcing a 24-hour delay in the activation of newly-replaced SIM cards to subscribers who had reported a lost or stolen phone.

The delay would be imposed on the following scenarios: if the subscriber failed to present the SIM bed or if the subscriber would be unable to provide proof of identification in case the prepaid subscriber is a GCash user.

This is to enable the victims of a SIM swap scheme enough time to respond whenever they are notified of a request for SIM replacement and therefore stop the identity theft from happening.

In processing SIM replacement requests, NPC said Globe would require subscribers to present government-issued ID cards or the original SIM bed as proof of ownership.

According to NPC, SIM swapping is a modus operandi in which fraudsters illegally obtain from a telco operator a replacement SIM card not belonging to them and then use the number for fraudulent activities.

“A SIM card in the hands of a cyber thief makes mobile authentication meaningless, as it becomes almost like a master key for committing all sorts of identity fraud, said NPC Chairman Raymund Enriquez Liboro.

“It leaves the victim’s personal data vulnerable to all sorts of misuse and abuse, including access to email and Facebook accounts, and unauthorized ATM and online bank withdrawals,” he added. “As gatekeepers of mobile authentication, we are asking telco providers to upgrade their security measures.”

Prior to this, the only security measure Globe provided was to require the person requesting a replacement card for an affidavit attesting to the truth of the loss of the SIM card.

“We hope to see all telco operators in the country enforcing stringent measures to protect the privacy interests of their subscribers not just against mobile identity thieves but against all sorts of mobile fraudsters,” he said.

The commissioner also warned against oversharing personal information on social media.

“Personal identity thieves and fraudsters start their schemes by collecting as much data about you as possible. They could be stalking your Facebook account, sending you phishing emails, or posing as credit card agents asking very detailed personal information,” he said.

“Once these people commit crimes in your name, it can be very difficult to recover,” he added. “Let’s stop feeding these schemers.” /atm

Read more...