Last 12 December 2022, the National Telecommunications Commission (NTC) of the Philippines released the Implementing Rules and Regulations (IRR) of the SIM Registration Act (RA 11934). The legislation requires all Subscriber Identity Modules (SIM Cards) to be registered with the goal of curbing cybercriminal activities and addressing issues related to trolling, hate speech, and online disinformation.
The extended deadline to register all existing SIM Cards has elapsed last 26 July 2023. Telco services for those who missed the second deadline are now limited and their SIM Cards will be permanently disabled by Monday, 31 July 2023.
According to the regulations, transferring or selling a registered SIM card must adhere to the prescribed registration requirements. The law considers the sale of stolen SIM cards, as well as the act of “spoofing” or intentionally providing false information about the origin of phone calls or text messages with the intention to deceive, cause harm, or illicitly gain something of value, as criminal offenses subject to liability.
OTP Buy & Sell FB Groups
Thanks to a tip by fellow Pinoy Mozillian Aaron Cajes, using a few search terms on Facebook will yield public groups that are trading OTPs (One-Time Passwords) and registered/activated SIM Cards.
An OTP serves as a security mechanism to authenticate users and protect sensitive information during online transactions or login processes. The main use of OTP is to provide an additional layer of security on top of traditional username/password combinations. We normally will need an OTP whenever we transfer money using our mobile/online banking accounts or eWallets, and when we attempt to change the primary mobile number attached to our accounts.
Sharing an OTP with strangers may lead to unauthorized access, account takeover, financial loss, privacy violation, phishing and scams, compromised 2FA/MFA (two-factor authentication / multi-factor authentication), replay attacks, and loss of trust.
As a best practice when it comes to cybersecurity, never share your OTP with anyone, including friends, family, or colleagues (most especially with strangers online). OTPs are a valuable tool in enhancing online security, but their effectiveness relies on keeping them confidential and using them responsibly.
Also, remember that under the SIM Registration Act, anyone caught using fictitious identity or fraudulent documents to register a SIM Card may be fined between PHP100,000 to PHP300,000 plus imprisonment of six (06) months to two (02) years. The sale of stolen SIM Cards will be meted with a jail time of six (06) months to two (02) years or a fine between PHP100,000 to PHP300,000, or both.
I’m just wondering, how can Philippine-based telcos know the legitimacy of information and proof of identification submitted by SIM Card Registrants? In this day and age, it is very easy to acquire an ID card from the University of Recto or somewhere online.
NOTE: The MozillaPH team has already reported these FB Groups to Meta for their handling.