CAMARINES Sur Rep. LRay Villafuerte on Thursday expressed belief that strengthening data privacy and cybersecurity should top the concerns of technocrat Henry Rhoel Aguda as the new honcho at the Department of Information and Communications Technology (DICT), following estimates that relentless attacks on digital payments and other online transactions could spell a whopping P86 billion in financial losses for Filipinos this year alone.

“As the newly minted honcho at the DICT, Secretary Henry (Aguda) can put to use his extensive experience and expertise in digital transformation in the corporate world to possibly do wonders for the government’s drive to check surging cyberfraud,” Villafuerte, National Unity Party (NUP) president, said.

And with most cyberattacks targeting cellular phones (celfones), the CamSur congressman said the new DICT Secretary would do well to work with the Congress, pertinent government agencies, private telecommunications companies (telcos) and other stakeholders in revisiting the Subscriber Identity Module (SIM) Registration Law amid the unbroken surge in text and online fraud that this new regulation is supposed to overcome.

Villafuerte was a lead author of Republic Act (RA) No. 11934, or the “SIM Registration Act,” which President Marcos signed in 2022 to put an end to text and online fraud.

The former Camarines Sur governor is also the majority leader of the bicameral Commission on Appointments (CA) which screens major presidential appointees.

“For the government to get RA 11934 right this time, Secretary Henry needs to give priority attention to a revisit and overhaul of this seemingly ineffectual regulation by working with its CICC (Cybercrime Investigation and Coordinating Center) along with the Congress, NTC (National Telecommunications Commission), NBI (National Bureau of Investigation), PNP (Philippine National Police) and other concerned institutions with an eye to a far more synergetic and effective multisectoral approach to combating text and online scams,” Villafuerte said.

He made this call following a report by mobile security firm Appdome that the Philippines faces financial losses of $1.5 billion or P86 billion this year alone from cyberattacks targeting celfones, which are often the go-to devices of many Filipinos when they make digital payments and other online transactions.

Appdome co-creator and CEO Tom Tovar was quoted in a media interview as saying that among the digital threats worldwide are mobile “Trojan” attacks, which look like “seemingly legitimate” celfone applications like expense trackers or photo and video editors.

“But inside that application there is another code, malware that is being used either to monitor your behavior, harvest your personal information, or worse, perform account takeovers,” said Tovar. “They (hackers) take your username and password and send them away to a server and somebody sells your username and password on the dark web.”

Once sensitive information like e-wallet details have been obtained from scam victims, Tovar said that hackers can take over these digital accounts and get the money of the victims.

Appdome’s Mobile Consumer Survey in 2024 showed that 54.7% of Filipino consumers use mobile applications more than the web, and that 61.6% of the respondents claimed they use e-wallets, mainly for their payments.

Aside from Trojan attacks, the report said that Filipino mobile users have also been buffeted by the surge of text scams that aim to dupe them into giving out their personal information.

In late March, President Marcos named as DICT chief (in place of then-Secretary Ivan John Uy) Aguda, the former president-CEO of UnionDigital Bank and specialist in digital transformation, e-ban

Prior to his Cabinet appointment, Aguda was the digital infrastructure lead at the Private Sector Advisory Council (PSAC) that the President had set up to strengthen government-private sector partnership.

Aguda had, at one time or another, likewise served as chief technology officer (CTO) at Globe Telecom, Digital Telecommunications Philippines (Digitel) and Government Service Insurance System (GSIS).

Presidential Communications Undersecretary and Palace Press Officer Claire Castro said earlier that financial institutions incurred some P528 billion in losses from cyberattacks in 2024.

Hence, the President gave “marching orders” to Aguda to prioritize at the DICT the administration’s digitalization program, including nationwide internet connectivity and cybersecurity, Castro said.

For Villafuerte, among the possible reforms that could be considered for a possible amendatory law in the Congress is the requirement for the mandatory appearance of persons registering their respective SIM numbers, in the same way that people are required to personally appear before the Land Transportation Office (LTO) in getting their drivers’ licenses or before the NBI when they apply for clearances.

Other possible provisions in a proposed amendatory law he said, are limiting the number of valid government-issued identification (ID) cards that registrants can present, requiring agencies with accredited IDs for registration to put up platforms where the public telecommunications entities (PTEs) or telcos can validate the IDs of registrants, and authorizing the NTC to regulate or limit the number of SIM cards that people can register with the PTEs.

Villafuerte said that such amendments to toughen the Sim Registration law are needed to help check cyberattacks or text scams, considering that RA 11934’s penalties of prison terms of up to 6 years and a cash fine of up to P300,0000 for SIM Registration violations have obviously failed to scare off scammers from victimizing people via digital fraud.

Villafuerte recalled that the 19th Congress wrote the SIM Registration law in 2022 on the government’s belief that it could put an end to text and online scams by requiring everyone to register their SIM cards with the PTEs.

Our three PTEs are Smart Communications Inc., Globe Telecom Inc. and Dito Telecommunity Corp.

In a congressional hearing in 2023, an NBI official said that to test the SIM registration system, the bureau was able to register a SIM card using a fake ID with the photo of a smiling monkey.

The PNP Criminal Investigation and Detection Group (CIDG) arrested last January two Chinese nationals suspected of selling pre-registered SIM cards, seizing 4,000 SIMs suspected of being intended for criminal activities like online phishing and romance scams.

Scammers have also been using not just SIM cards but also Internet-based chat apps like Viber, Messenger, Telegram and WhatsApp to send text or message scams; or mimicking the names of banks, e-wallets or other legitimate companies to send clickable links to scams to unsuspecting targets.

AUTHOR PROFILE

Ryan Ponce Pacpaco