The National Bureau of Investigation (NBI) revealed that fake IDs, even those with animal photos, can easily fool the SIM registration system. The NBI Cybercrime Division chief, Jeremy Lotoc, showed how they registered new SIM cards from different telcos using IDs with a smiling monkey's face. The system accepted the IDs without any verification.

When registering a SIM card, you are asked to provide identification for verification. These are screened by automated registration systems, relying on algorithms to perform initial checks. Globe, Smart and DITO have specific criteria for uploading an ID for verification.

ID Upload Specifications:

- Maximum file size is 5MB.
- Photos must be in PNG, JPG, JPEG, HEIC, or PDF.
- Make sure your chosen ID is not blurred or cropped.
- The ID must not be expired.
- Your ID photo and selfie must match.
- Make sure all information is correct and accurate.

These guidelines seem fairly comprehensive at first glance. They dictate the format and quality of the ID image and ensure that the uploaded ID is genuine, readable, and current. However, it is precisely the mechanical nature of these guidelines that presents loopholes.

Automated systems that screen these IDs generally confirm compliance with the points outlined above. They look for the file size, check the image format, and may use OCR (Optical Character Recognition) to ensure the text is readable and matches different data points. But, these systems are not typically designed to apply a layer of "common sense" to the verification process.

Here's where the absurdity enters: theoretically, a fake ID with a photo of a monkey could pass this automated system as long as it complies with all the listed specifications.

1. File Size and Format: If the fake ID image is under 5MB and in one of the accepted formats, it ticks these boxes.
 
2. Clarity: The system checks off these requirements as long as the image is clear and the text is readable. The automated system likely won't assess whether the ID's content (like the photo) makes logical sense.
 
3. Expiration: If the expiration date on the fake ID is set to a future date, the system will validate it as a non-expired ID.
 
4. Matching Photos: If you also upload a clear, matching "selfie" with the same monkey photo, technically, the photos "match," thus meeting this criterion.

5. Correct and Accurate Information: As long as the text fields contain data that is logically consistent (even if fraudulent), such as a name matching across both the ID and system entry, the algorithm is satisfied.

While this scenario might sound amusing, it highlights a critical weakness in relying solely on automated systems for important verification processes. While they are excellent for quickly handling large volumes of data, they are not a substitute for human judgment, which can spot inconsistencies that no algorithm could flag as suspicious—like a monkey appearing where a human face should be.

While automated systems have their place in streamlining large-scale operations, their limitations, as amusingly highlighted by our monkey photo example, suggest that they should be one part of a multi-layered verification process, ideally backed up by human oversight.

It's essential to recognize that telecom companies were given just about ten days to set up their systems for SIM registration. This is an incredibly short timeframe to establish such a critical system.