How many of us receive text messages from unknown numbers promising quick cash or claiming that our bank accounts are on hold? We are then asked to click a link to collect a prize or regain our account access.
We know the motive behind these messages very well: they’re social engineering schemes that seek to deceive us into giving out sensitive information that scammers can use to access our accounts. Unfortunately, many Filipinos fall prey to these scams.
In 2022, Kaspersky Security Network reported that the Philippines ranked second among countries most attacked by Web threats worldwide. The report further disclosed that the most preferred attack method includes social engineering schemes.
It’s clear that cyber scams remain rampant in the country. Where do we go from here?
Assessing the SIM Registration Act
A holistic approach to addressing cyber scams is important. In the banking industry, we implement measures that secure our customers’ data, and we constantly inform the public about the latest scams for awareness.
We have also known that these efforts alone are not enough – we need new laws in fighting financial cybercrimes. One such legislation that has sprung to address this need is the SIM Registration Act.
This policy can help authorities track down scammers as they can’t simply buy SIM cards without registering with their telco. Scammers can no longer hide behind the veil of anonymity. But as in any national policy, there have been challenges in its implementation.
Upon its effectivity last December 27, SIM card owners have been encouraged to register before the April 26, 2023 deadline. As of March 2023, the Social Weather Stations (SWS) reported that 56% of Filipinos are registered while 44% have yet to comply.
There was also a petition to halt the law’s implementation over privacy concerns. While the Supreme Court junked this petition and ordered relevant government agencies and other entities to comment on the petition, the law is still in effect, although the registration deadline had been extended to July 25, 2023.
SIM registration laws, admittedly, do raise concerns about privacy. Requiring citizens to disclose personal information theoretically introduces privacy risks. On the other hand, it should, if implemented correctly, mitigate scams which, by their nature, violate the privacy of their victims.
To gain a better understanding of how these concerns can be tackled, let’s look at how other countries have implemented similar measures.
The Groupe Speciale Mobile Association (GSMA) reported that there are 157 other countries with SIM card registration laws. Some countries have similarly encountered challenges and found solutions in the implementation of their respective laws.
For example, GSMA’s case study on Tanzania showed that when the law was introduced in 2010, the country used a paper-based system in validating a customer’s ID. In 2015, electronic records were accepted which simplified the process, ensured that data storage is more secure, and improved the overall customer experience.
In addition, research by Comparitech (a cybersecurity and privacy company) showed that countries like Italy, Japan, South Korea, Singapore, and Switzerland have data privacy frameworks (detailing data storage and usage) included in their mandatory SIM registration to address privacy issues.
Clearly, the Philippines is not alone when it comes to dealing with the challenges of this law. What’s important is to continuously assess the implementation’s effectiveness, consult with stakeholders should improvements be needed, and remain transparent about how the data will be used.
Other policies needed
The SIM Registration Act isn’t a silver bullet for financial cybercrimes as cybercriminals can always come up with new ways to deceive customers. It is necessary to implement other measures that target their operations.
The proposed Anti-Financial Account Scamming Act criminalizes money mules and social engineering schemes (i.e., various phishing tactics). The bill was approved by the House of Representatives on May 8, 2023, and it is now awaiting progress in the Senate.
Along with the SIM Registration Act, we believe that this bill, when it becomes a law, can only help in protecting our countrymen from being scammed.
Let’s remember that at the core of these financial cybercrimes are the damages inflicted upon victims. They suffer significant financial loss, shame, and emotional trauma.
An instance of fraud is one instance too many. Enough of these can lead to the public’s loss of trust in electronic payments that so much of our society – and our economy – depend on. We can prevent these problems from worsening through key policies that can help create a society where Filipinos won’t fear losing their hard-earned money from scams.
The author is the data privacy officer and enterprise information officer at the Bank of the Philippine Islands (BPI). This article was written in celebration of the 2023 Privacy Awareness Week