SIM Card Registration: Exchanging Some Risks for Others

The Independent newspaper in Uganda reports that mobile operators are finally reaping benefits from the mandatory SIM card registration and validation that was completed in August 2017. The Uganda Communications Commission (UCC) states that one of the side benefits of SIM card registration is that telecom firms are now better positioned to offer services such as advancing micro-credit to subscribers without asking for collateral because they know their customers well. Whilst it may not be as straightforward as UCC would have us believe, the truth is that for too long, African telcos have approached the predominantly prepaid African market as a Wild West frontier of sorts and Uganda does appear to be leading the way in KYC procedures for mobile customers.

By close of deadline on August 31, 2017, UCC and the office of the Prime Minister reported that 98% of the SIM cards had been successfully registered and were compliant.

The design of the whole customer acquisition process in many African telcos has been geared to netting the biggest chunk of SIM cards and hoping to squeeze out a dollar or two from each line. When regulators started taking SIM card registration seriously, suffice it to say many telcos were caught flat-footed. The MTN Nigeria incident was a warning for the telco industry in Africa. MTN was fined USD 5bn for not disconnecting unregistered SIMs and even though this was later slashed down to USD 1.7bn, the industry certainly was jolted into action. In actual fact, it is not as if the regulators suddenly enacted new regulations. The requirements for SIM card registration in one form or another were always there, albeit with slight variations across the countries. As always, the problem was enforcement.

As UCC observes, SIM card registration has the potential to cut off the supply of SIM cards to operators of SIM boxes and this should translate into lower grey route traffic and hence more incoming traffic for operators leading to increased revenue. In markets which struggle with SIM boxes, the loss of the on-net leg revenue for a SIM box number should be less than the gain in incoming international revenue (and more tax for the government). On the face of it, throttling the supply chain of SIM box operators might be more effective than deploying detection systems.

[UCC] also noted that with Simcard registration, SIM card boxing or grey traffic which involves incoming international calls into the country without paying excise duties to the government, has reduced as fraudsters now fear that they can easily be netted.

More to the point, when SIM box fraudsters notice the SIM card acquisition process is subject to KYC requirements, they are likely to shift their focus to countries which have less stringent requirements. There are countries in this region where a subscriber can be identified using all manner of documents: passport, national ID, voters card, baptism card… even a letter from the village chief. Authenticity of such documents is always a challenge and criminals know this. I have encountered cases where SIM box fraudsters purchased SIM cards in bulk, using the registration documents of a convent. I suppose they figured nobody would ever suspect a place that hosts pious nuns!

As if that is not enough, the elephant in the room turns out to be none other than Big Brother. SIM card registration and the use of subscriber data to fight crime can just as well be used by governments to monitor the citizenry and suppress opposition. East Africa is hardly a model of good governance. When law enforcement agents walk into a telco, already knowing that all the data is sitting waiting for them, there is little to prevent security organs from extending their mandate as they wish and using these data requests for nefarious purposes. Subscriber data privacy is difficult to assure in such a case. The telcos cannot say the data is unavailable because to do so would attract hefty fines and the attendant bad publicity.

Damned if you do and damned if you don’t is becoming a new risk on these African streets!

Joseph Nderitu
Joseph Nderitu
Joseph Nderitu is a director at Integrated Risk Services Ltd and specializes in revenue assurance. He previously worked as Head of Revenue Assurance and Fraud Management at Vodacom's operation in Tanzania, having previously served in the same role at Vodacom Mozambique.

Before his work with Vodacom, Joseph was an internal audit manager for Airtel, with responsibility that covered their 17 countries in Africa. Whilst at Airtel, Joseph led reviews of the Revenue Assurance, Customer Service and Sales & Marketing functions.

Prior to his stint at Airtel, Joseph was an RA manager at Safaricom in Kenya. He holds an MSc Degree in Information Systems.