News

Billions Lost to SIM-Swap Fraud Spark Calls for Biometric Reform

by CBIA Team

Updated March 24, 2026

Telecommunications fraud is costing the economy more than R5.3 billion annually, with nearly 60% of mobile banking fraud directly linked to SIM-swap attacks. According to the Communications Risk Information Centre’s 2025 Telecommunications Sector Report, this specific vulnerability allows criminals to hijack phone numbers, intercept one-time passwords, and drain bank accounts, prompting urgent calls for legislative reform to close critical loopholes in current registration systems.

Background and Context

SIM-swap fraud functions by transferring a victim's phone number to a SIM card controlled by a criminal. Once the transfer is complete, the victim is often locked out of their device while the fraudster receives authentication codes intended for the victim, granting access to financial services. The proliferation of mobile devices—South Africa distributes over 150 million SIM cards annually—has turned the SIM card into a critical gateway for banking and digital identity. Despite this high volume, millions of cards remain registered anonymously or with falsified details, providing a vast operating environment for criminal syndicates.

Key Figures and Entities

Security analyst Johan Van Graan has highlighted that the technology required to mitigate this risk already exists within the banking sector. The Department of Home Affairs maintains a database of ID photographs which, experts argue, could be utilized to verify applicants in real-time. The South African Parliament is responsible for the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA), the legislation currently governing SIM registration. Parliament is facing pressure to amend RICA to address these digital security failures.

Legal and Financial Mechanisms

Current regulations under RICA do not mandate biometric verification, a gap that allows individuals to register hundreds or even thousands of SIM cards without rigorous checks. Investigators propose three specific amendments: enforcing biometric matching between a live photo of the applicant and the Home Affairs database during activation and swaps; imposing reasonable limits on the number of SIMs registered per individual; and requiring tamper-proof packaging to hide unique identifying information until activation. These measures aim to sever the link between bulk, fraudulent SIM registration and financial crime.

International Implications and Policy Response

The proposed reforms are not merely theoretical. Biometric registration is already standard practice in jurisdictions such as Thailand, Nigeria, Uganda, Mozambique, India, the UAE, and Peru, demonstrating that the systems are both practical and effective. While experts acknowledge that amending RICA will not eliminate all crime, it would address a specific, widely exploited weakness in the digital security infrastructure. As banking becomes increasingly mobile-first, closing the SIM-swap vector is viewed as essential to protecting millions of citizens who rely on their phones for access to their money.