SIM binding is applied in multiple contexts but always with the same essential idea: if somebody wants to use X, they need to have the associated SIM card (or eSIM). There are many kinds of accounts and services that require ‘authentication’ with a SIM in the sense that a one-time password (OTP) is sent to the user’s phone or a silent authentication query is executed over a network when the user first tries to gain access to a new account. SIM binding differs from one-off authentication by requiring repeated authentication for the user to maintain access to their account. So it made sense for the Indian authorities to try binding SIMs to online communication services (OCS) — such as WhatsApp — as a way to reduce crime when they realized many scammers log on to their OCS accounts from locations far from the places where SIM cards were used to authenticate those OCS accounts. The initial data suggests this new control has been a tremendous success, delivering an immediate 30% reduction in the number of WhatsApp accounts that need to be deactivated because they have been misused.
This graph represents the May 2026 snapshot of data about banned WhatsApp accounts associated with Indian phone numbers that we automatically collate for the Commsrisk Global Fraud Dashboard. New records were set during 2025 for the number of Indian WhatsApp accounts banned for violating the terms of service. The number of monthly bans never fell below 8 million between August 2024 and January 2026. Most of these bans are instigated by complaints from genuine WhatsApp users. Levels of abuse like this can only be possible because criminals have automated their methods. The number of monthly bans first exceeded 6 million in April 2023 and remained above that level until February 2026, when it crashed down to 5.48 million. The number of Indian WhatsApp account bans during February 2026 was 33% lower than the number during January. It crept up to 5.98 million in March 2026, but a 9.1% month-on-month rise can be ignored when you factor that March is 3 days longer than February. After allowing for variations in the number of days per month, the number of WhatsApp accounts banned each month has dropped by approximately 30% for the two most recent months where figures have been published, as compared to the three preceding months. And there is only one thing that is known to have changed around this time: the Indian government mandated SIM binding for WhatsApp and other OCS services.
The Indian government imposed its new SIM binding control despite threats of legal action by the OCS providers. Those providers argued that there is no law in India that permits this kind of regulation of their services. That may be true, but this is also an interesting test case for how authorities may choose to regulate the supply of SIM cards. The Indian government did later postpone the date for when the new SIM binding control becomes mandatory, pushing it back from the end of February to the end of 2026. However, this postponement was announced so late that any business trying to comply with the new rule would have already needed to implement SIM binding protocols. The 30% reduction in WhatsApp bans is not a complete measure of the potential for SIM binding because it represents the results from some initial work in progress, not from an ecosystem that has attained full compliance with the SIM binding rules that were set out by the Indian government.
Regulating the supply of SIMs is vital, although it will be resisted by telcos who complain about ‘friction’ for legitimate customers. I would have more sympathy for telco complaints about friction if some of those telcos were not obviously turning a blind eye to the inflation of their customer numbers — and hence the inflation of their share prices — by allowing many thousands of SIMs to be accumulated by criminals who run SIM farms. Huge numbers of SIM cards have been obtained by criminal outfits who install them into simboxes so they can receive the SMS messages that contain the OTP passwords required to create various kinds of online accounts. These online accounts are then sold to different criminal gangs who scam the public.
The separation between the two criminal activities — one gang using SIMs to create bogus online accounts in one place, a different gang using the accounts to scam the public from somewhere else — is the weakness that is attacked by a SIM binding control. Forcing criminals to repeatedly re-authenticate online accounts means the SIM needs to remain in use, greatly adding to the cost of maintaining the online account. Binding SIMs has an additional advantage that also deserves to be explored. If SIMs need to remain in use to sustain the online accounts used by scammers, then it will be easier for telcos to identify anomalous patterns of usage and hence kill the SIMs obtained by criminals. And when the telcos kill those SIMs, they will also effectively kill the online accounts that are bound to those SIMs.
This data should be sufficient for other governments to review what has occurred in India and assess the potential benefit of introducing similar binding rules to reduce scams built upon SIM cards from their nation’s telcos. Many online services expect a customer’s nominal location to be consistent with their phone service, so national prohibitions that prevent SIM cards being used to create online accounts will reduce the number of online accounts that impersonate genuine users from that country. However, one key obstacle to realizing these improved controls will be that many governments have divided responsibilities so that different people oversee different rules for the businesses that supply SIM cards — mobile operators — and the businesses that provide OCS services.
Siloed thinking is the bane of effective anti-scam policies. Alleged reductions in scams are often just the displacement of scams from an area that is being monitored and measured to areas that are neither monitored nor measured. The Indian authorities are clearly conscious of the extent to which scams have been displaced from A2P SMS to P2P SMS, and then to OCS. This displacement was a key reason why Indian telcos, who were already subjected to anti-scam controls for A2P and P2P SMS, were strong supporters of the new SIM binding rules for OCS providers. Seeing the connections in crime requires decision-makers to keep the big picture in mind. Powers that telco regulators could effectively deploy to stop crime — blocking phone numbers circulated for callback scams, impeding the supply of SIM cards to criminals — are sometimes ignored because the crime is initiated or concluded through another channel that they do not regulate, such as email or OCS. Seeing the entire landscape of criminal activity is vital to reducing the corrosive effect that the automation of crime is having upon society.
