Zambian regulator deactivates 2.1 million fraudulent SIM cards


The Zambia Information Communication Technology Authority (ZICTA) claims that it has switched off or de-activated about 2.1 million mobile SIM cards after a cleanup exercise following a spike in mobile money scams in which the country has been experiencing and said these were illegally registered.

While SIM card fraud is nothing new, it dramatically worsened in the wake of the COVID-19 pandemic. People are conducting activities from their phones at an unprecedented rate and scammers are taking full advantage of this increased usage. With more access to online transactions at our fingertips, comes more access to users’ personal information, and subsequently, the margin of vulnerability widens.

ZICTA consumer protection and compliance manager Edgar Mlauzi said the ICT authority is “working tirelessly” to combat digital fraud.

He said the deactivated SIM cards belong to subscribers who had more than ten SIM cards under one name, which the regulator believes are used to commit fraud.

Mr. Mlauzi said from the time the SIM cards were deactivated, the volume of spam or suspected scam messages had declined.

“The authority has received several complaints from people who have been defrauded but ZICTA is doing everything possible to address the situation. Scammers send unsolicited messages to members of the public using the SMS platform by using fraudulently registered Subscriber Identity Module (SIM) cards which compromises the safety of other users of electronic communication services,” he said.

According to ZICTA, Zambia has continued to record increased use of digital financial services with mobile money transactions increasing to K105.6-billion by the end of last year from K49.6-billion in 2019, representing a 113% increase.

Bank of Zambia payment systems department manager Maria Katepe said the Central Bank is promoting digital financial services, particularly mobile money services which she said: “is the appropriate vehicle through which people can access financial services.”

ZICTA had in early February 2022 called for all users to regularize their mobile phone numbers registrations and that a timeline was given after which those phone lines that had not complied, the ICT Authority would deregister all non-compliant SIM cards across the country,

ZICTA has since reiterated that the members of the public should at all costs desist from buying already registered SIM cards as such is against the law and anyone found wanting risks being prosecuted.

Chaaba revealed that so far, ZICTA has encountered situations where innocent people have been implicated in investigations due to owning SIM cards that were once used by criminals.

ZICTA confirmed with Zambian Business Times that the SIM cards that will not be claimed within 90 days after deactivation will be allocated to other new users. The Authority has since appealed to members of the public to take time to regularise their SIM card registration to avoid losing their contact numbers and for the country to have a clean database.

There is also much furore and some have accused ZICTA of being used by politicians to clean up the database to facilitate the location and identification of anonymous social media commentators who are critical of government officials and politicians according to Zambian Business Times. Some say this move is an affront to free speech as most people who use anonymous phone lines will stay away from whistle-blowing ills in government following this clean-up. It remains to be seen how this will eventually pan out.

But ITWeb Africa in an article published June 03, 2021, argues that SIM cards not only grant users access to a mobile service, but also allow governments to accurately identify the owner of a mobile device, including who is making phone calls, sending messages, or making financial transactions.

The article added that the existing process for registering a new SIM card traditionally takes place in person. A user interested in signing up for a new phone or mobile device must travel to a local branch and complete the process with a company representative. During this process, the user will provide his/her personal information, which the provider will then keep on file. From this point forward, that person’s personal information will stay tied to that respective SIM card.

Replacing a SIM card, however, can be handled via call center with a designated representative. A person in need of a new SIM card can call up their network provider, provide answers to a few authentication questions, and get a new card sent to them quickly.

The problems with these methods are three-fold but one is that they are fraud-prone. Typical authentication questions used to prove a person’s identity are very easy to steal or discover – a person’s email address or phone number typically suffice and there are no built-in safeguards to protect against situations involving bribery.

SIM swap fraud: a new wave of attacks targeting financial services and online services in Africa. (Photo/ Tech Trends)

One process called the SIM Card Swap involves getting just enough personal information to then call a mobile network provider, impersonate their victim, say they lost their SIM card, and ask for a new one. Once completed, they can then use their phones to access the victim’s personal and financial accounts, leading to massive financial losses for the victim, and presenting a significant challenge to the victim as they attempt to restore their identity.

Meanwhile, the independent communications authority of South Africa (ICASA) submitted a radical proposal to tackle the problem of SIM swapping attacks in the country, suggesting that local service providers should keep the biometric data of cellphone number owners according to Bleeping computer.

Ahmore Burger-Smidt, the Director and Head of Data Privacy and Cybercrime Practice at Werksmans Attorneys in South Africa, told Bleeping Computer that ICASA’s proposal might very well be the only solution to crack down on SIM swap fraud.

“SIM card fraud is unfortunately rife in South Africa and mobile network operators are at a loss on how to deal with this. In addition, the RICA legislation (Regulation of Interception of Communications and Provision of Communication-related Information Act 70 of 2002) places a positive obligation on mobile network operators to obtain certain data when a SIM card is sold.

In a world with various pieces of legislation, the broader legislative landscape should serve the public interest. It is undoubtedly in the public interest to prevent or at least aim to limit cyber-fraud and therefore collecting biometric information could very well serve the public interest.”

ICASA believes that associating mobile numbers with subscriber biometric data will finally close all loopholes and end the cellphone numbers hijacking problem.

Read: USSD driving digital and financial inclusion in Africa

Albert is a Chemical Technologist and Author. He is passionate about mining, stock market investing, Fintech and Edutech.

Leave A Reply