Sen. Sherwin Gatchalian has called on the Department of Information and Communications Technology (DICT) and the National Telecommunications Commission (NTC) to crack down on the rampant sale of pre-registered SIM cards, warning that these are being exploited in financial crimes and online scams — especially as the holiday season approaches, when cybercriminal activity traditionally spikes.
“I am calling on the NTC and DICT to use everything in their power to compel the telcos to come up with mechanisms that would identify the subscribers. You need to come up with an innovative solution. We cannot allow this to continue. The law is already there,” Gatchalian said during a Senate budget hearing.
The senator, one of the principal authors of the SIM Registration Act, stressed that the measure’s objective — to help law enforcement trace scammers and fraud syndicates — has not been fully achieved because pre-registered SIMs remain easily accessible online.
During the hearing, Gatchalian presented screenshots showing pre-registered SIMs openly sold on Facebook and Shopee.
“We need to put an end to this. Matagal na nating pinag-uusapan ito, lalo na ngayong magpapasko na naman,” he added.
In a related development, the DICT on Sunday, Nov. 2. issued an advisory alerting the public about a possible Distributed Denial of Service (DDoS) or “traffic flood” attack detected on November 5, 2025, which could slow down or temporarily disable certain websites and online platforms.
The agency said its National Computer Emergency Response Team (NCERT) is on 24/7 monitoring under Oplan Cyberdome — a coordinated cybersecurity initiative involving the DICT, the Cybercrime Investigation and Coordinating Center (CICC), NTC, law enforcement agencies, and other partners — to ensure rapid detection and response to online threats.
According to the DICT, a DDoS attack occurs when multiple sources send massive traffic requests to a website or online service, similar to an internet “traffic jam.”
The agency assured users that such attacks do not compromise personal data, financial accounts, or stored information.
