Telcos urged to tighten security measures

MANILA, Philippines — The National Privacy Commission (NPC) is urging telecom firms to strengthen their security measures as it warns the public against rising cases of identity theft.

“A SIM card in the hands of a cyber thief makes mobile authentication meaningless, as it becomes almost like a master key for committing all sorts of identity fraud. It leaves the victim’s personal data vulnerable to all sorts of misuse and abuse, including access to email and Facebook accounts, and unauthorized ATM and online bank withdrawals,” NPC commissioner and chairman Raymund Liboro said.

“As gatekeepers of mobile authentication, we are asking telco providers to upgrade their security measures,” Liboro added.

The NPC said it has prompted Globe Telecom to enforce more stringent subscriber verification protocols to better protect its customers following reports that one of its prepaid mobile users fell victim to identity theft which resulted in the unauthorized access to the customer’s online banking account.

In a recent meeting between NPC complaints and investigation chief Francis Acero and Globe representatives, the agency said Globe has committed to enforce a 24-hour delay in the activation of newly-replaced SIM cards to subscribers who reported a lost or stolen phone, if the prepaid subscriber is unable to present the SIM bed or unable to provide proof of identification in case the prepaid subscriber is a GCash user.

The move is aimed to enable prepaid subscribers who may be victims of a SIM swap scheme ample time to respond to SIM replacement text notifications to the purportedly lost phone numbers and allow the subscriber a chance to cancel a malicious request and deter a mobile identity theft in progress.

In processing SIM replacement requests, Globe said it shall require subscribers to present government-issued identification cards or the original SIM bed as proof of ownership.

“Telco utilities that use their mobile platforms for digital cash, quasi-banking, and money remittance services have ‘Know Your Customer’ or KYC obligations that extend to protecting these clients from those who may defraud them,” Acero said.

Prior to this measure, the NPC said the only security measure Globe provided was to require the person requesting a replacement card for an affidavit attesting to the truth of the loss of the SIM card.

Liboro said this was ineffective in protecting the latest victim from identity fraud.

“We hope to see all telco operators in the country enforcing stringent measures to protect the privacy interests of their subscribers not just against mobile identity thieves but against all sorts of mobile fraudsters. Fraudsters thrive by being one step ahead of the game. Their fertile criminal minds exploit gaps in processing systems to execute their plan. We can beat them to it with more proactive steps like this and reacting quickly to fraud,” he said.