MORE than a month has passed since the signing of the SIM (Subscriber Identity Module) Registration Act into law, intended as an ambitious move to combat fraud by requiring Filipinos to register their identities with public telecommunications entities (PTEs).
The discourse has been understandably divided: companies in support argue that it is a critical step in combating criminal activity, significantly reducing spam and scam SMS messages. Those against it say the Act presents gaping holes in data security and enforcement, explaining that scammers can easily shift to other means to acquire peoples’ information.
Indeed, implementing the Act may pose challenges for business and society-at-large. However, it is a necessary step on the way to further digital maturity of the national economy.
FITTING WITHIN GLOBAL PRACTICEAlready, the number of SIM cards in the Philippines exceeds the population by 40% (vs. the excess globally of just 5%, according to Data Reportal) and is continuing to grow rapidly (+5% for 2021-2022). At the same time, Filipinos use mobile internet the most in the world (five hours and 47 minutes per day vs. the average global level of three hours and 43 minutes).
These factors alone are enough to make it clear that the rapid digitalization of society based on mobile technologies has enormous potential in the country. Without regulation and control, however, this potential can simply fall into the wrong hands and can become very dangerous.
After the pandemic, the number of cybercrimes increased by 703% in 2021 compared to 2020, and by 125% in nine months of this year compared to 2021, according to the Philippine National Police’s Anti-Cybercrime Group.
The Act fits within global practice, with the Philippines joining the vast majority of countries — 185 out of 245 — where SIM card registration is mandatory. The registration of SIM cards is intended to become a guarantee of a transparent, regulated and secure mobile environment. This environment, in turn, strengthens the foundations of the national digital ecosystem.
Obvious beneficiaries are fintech companies, which will employ new opportunities to strengthen scoring, e-KYC policy, cybersecurity, among others. Based on our experience in other countries, linking phone numbers to specific individuals has been a significant asset in all these areas and it is expected that the Philippines will not be an exception in how this new law will greatly reduce mobile scams and crimes related to the disposal of prepaid SIM cards.
The Act also looks promising when considering digital payments and e-commerce. Registered SIM cards can bolster the integration of payment channels with a smartphone, increasing the personalization of online shopping services such as the Buy Now, Pay Later segment. Nowadays, it is especially on the rise in the Philippines: the market is valued at $1.5 billion, and by 2028 it promises to grow to $10 billion.
ADDRESSING MAJOR CONCERNSWhile minimizing the risks of digital fraud and deepening integration into fintech ecosystems, it is important to recognize the logistical problem of 160 million SIM cards already in the hands of Filipinos requiring official retroactive registration within 180 days to avoid deactivation.
For the consumer, there is no cause for concern as the registration procedure is free and can be done online through means the PTEs will establish, according to a section of the new law. The forthcoming Implementing Rules and Regulations (IRR) of the Act is expected to shed light.
Government agencies and PTEs are also expected to establish registration facilities in remote areas with limited telecommunications or internet access, which is hoped to pave the way for registration for the representatives of indigenous peoples and residents of remote rural areas.
Concerning the security of personal data of Filipinos, the Act addresses this salient point of contention by prohibiting disclosure of a subscriber’s personal information, except by decision of law enforcement and judicial authorities.
The National Privacy Commission (NPC), recognizing that implementing a SIM card registration system “will entail a massive collection of personal data,” said in an earlier statement that there is a “strong need to develop a technology-neutral approach and to future-proof the proposed legislation to achieve its intended purpose, in a manner that respects the rights and freedoms of the data subjects.” This recognition should further alleviate concerns.
We also share their call for mechanisms to be developed and implemented to prevent security risks and data breaches “that may arise from overcollection and improper or inadequate monitoring practices.”
In general, the Act will complement the Philippines’ digital transformation agenda and take it to the next level. The challenge, ultimately, is proper implementation and adoption — both subject to much-needed inter-sectoral deliberation.
Kirill Kalashnikov is the regional director for APAC at Robocash Group, which operates in the Philippines through consumer finance company Digido.