Globe ordered to tighten sim replacement protocol

The National Privacy Commission (NPC) ordered Globe Telecom Inc. to have stricter protocols in replacing prepaid SIM cards after a consumer fell victim to identity theft, which led to the latter’s online bank account being breached.

In a statement on Tuesday, NPC said Globe had committed to enforce a 24-hour delay in the activation of newly replaced SIM cards for subscribers who reported a lost or stolen phone.

The delay will be imposed under the following scenarios: if the subscriber failed to present the SIM bed or if unable to provide proof of identification in case the prepaid subscriber is a GCash user.

This is to enable the victims of a SIM swap scheme enough time to respond whenever they are notified of a request for SIM replacement, and therefore stop the identity theft from happening.

In processing SIM replacement requests, the NPC said Globe would require subscribers to present government-issued ID cards or the original SIM bed as proof of ownership.

SIM swapping, according to NPC, refers to the modus operandi where fraudsters illegally obtain from a telco operator a replacement SIM card not belonging to them and then use the number for fraudulent activities.

“A SIM card in the hands of a cyber thief makes mobile authentication meaningless, as it becomes almost like a master key for committing all sorts of identity fraud,” said Privacy Commissioner and Chair Raymund Enriquez Liboro.

“It leaves the victim’s personal data vulnerable to all sorts of misuse and abuse, including access to e-mail and Facebook accounts and unauthorized ATM and online bank withdrawals. As gatekeepers of mobile authentication, we are asking telco providers to upgrade their security measures,” he added.

Prior to this, the only security measure Globe provided was to require the person requesting a replacement card for an affidavit attesting to the truth of the loss of the SIM card.

“We hope to see all telco operators in the country enforcing stringent measures to protect the privacy interests of their subscribers not just against mobile identity thieves but against all sorts of mobile fraudsters,” he said.

The commissioner also warned against oversharing personal information on social media.

“Personal identity thieves and fraudsters start their schemes by collecting as much data about you as possible. They could be stalking your Facebook account, sending you phishing e-mails or posing as credit card agents asking very detailed personal information,” he said.

“Once these people commit crimes in your name, it can be very difficult to recover. Let’s stop feeding these schemers,” he added.

Read more...