Ratlohogo Rafadi is a Research Associate under the SARChI Chair in African Diplomacy and Foreign Policy within the Faculty of Humanities at the University of Johannesburg.
He recently published an opinion article that first appeared in the City Press on 04 March 2025.
The Independent Communications Authority of South Africa (Icasa) must step up its regulatory action with all speed to counter the mass misuse of pre-registered SIM cards, which have emerged as a central enabler of organised crime, identity theft and financial fraud.
The report informs that most of the 165 million SIM cards issued annually in South Africa are likely noncompliant with the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA), thus creating loopholes that are exploited by criminal syndicates, as reported by Kate Thompson Davy of Business Day in 2023.
Pre-registered SIM cards facilitate a wide range of criminal activities, ranging from kidnapping, cash-in-transit heists, murder and hijacking. They are used by criminals to avoid law agencies tracing their fraudulent and illegal activities. On the other hand, SIM swap hijacking scams are still one of the most urgent cybersecurity threats where scammers capitalise on the weak points in the mobile networks to hijack numbers and obtain illicit access to banking credentials.
Despite a claimed reduction in SIM swap crimes from 87% in 2021 to 76% in 2022 and to 58% in 2023, occurrences remain staggering at an average cost ranging from tens of thousands to potentially reaching millions. These pre-registered SIM card-related crimes have also contributed to South Africa being greylisted, and they deserve immediate attention.
Cybercriminals, including those based within prisons, use these untraceable SIM cards to carry out scams like impersonating a police officer and extorting funds from victims under false pretences. Also, some corrupt government officials who participate in fraudulent activities utilise these pre-registered SIM cards and burner phones to remain anonymous. However, the financial industry is especially vulnerable to SIM-based fraud due to the rise in mobile banking fraud, which has grown as telecommunications and financial services become more connected.
As such, South Africa had a 24% increase in digital bank fraud in 2022 with the majority of the financial offences employing mobile-related frauds as indicated in the 2023 SABRIC report. Moreover, social engineering, phishing and advanced cyberattacks are employed by fraudsters to take advantage of weaknesses in electronic authentication systems, resulting in unauthorised transactions and colossal losses for consumers.
For example, scammers are known to use two-way SMS that has been fraudulently registered via identity theft to conduct their phishing activities to unsuspecting bank clients. Two-way SMS is a technology that was developed to assist legitimate businesses in sending and receiving SMS and to give customers an easy way to respond.
But criminal syndicates have hijacked this service, thanks to pre-registered SIMs, which have enabled them to communicate with large numbers of people effectively with farreaching negative financial consequences. Additionally, pre-registered SIM cards are also known to be associated with terror finance as they are able to conduct their activities whilst eliminating the ability to be traced. However, in order to combat this increasing menace, Icasa must enforce more stringent regulatory demands, such as compulsory biometric SIM registration, real-time monitoring of SIM swaps, and greater collaboration between telecom operators and financial institutions.
The GSMA Open Gateway initiative, recently implemented by South African mobile network operators, is a step forward as it provides number verification and SIM swap detection APIs, which enable banks to better judge the riskiness of financial transactions. Furthermore, the World Bank has reported that the implementation of mechanisms such as the limitation of peer-to-peer payments during peak risk times and upgrading anti-fraud capacity as implemented in Brazil should be adopted by South Africa in an effort to combat SIM card fraud-related activities.
Despite SIM swap scams and criminal misuse of pre-registered SIMs, no active regulation has been implemented. In November 2024, two students exposed vulnerabilities in the RICA system when they illegally acquired eSIMs. Although the loopholes were reported to the Department of Communications and Digital Technologies, nothing constructive was done. The minister’s failure to act is troubling regarding his dedication to the protection of the country’s telecommunication infrastructure.
A failure to control the wholesale abuse of pre-registered SIM cards will further dismantle national security, drain public faith in electronic money systems and facilitate organised crime. In view of this, a credible regulatory regime through technological advancement coupled with severe sanctions is essential for restoring the purity of South Africa’s telecommunications and financial networks. Against this backdrop, Communications and Digital Technologies Minister Solly Malatsi has been criticised for inaction against pre-registered SIM control and SIM card scams.
Additionally, illegal SIM card sales persist, as evidenced by the seizure of over two million SIM cards in Gauteng and the Free State. The failure of the government to contain this has led to allegations of dereliction of duty. While Minister Malatsi has made progress on other matters, such as withdrawing the SABC Bill, his inaction in respect of SIM card fraud only serves to illustrate the need for stronger leadership in order to enhance national digital security and remove the country from Financial Action Task Force (FATF) greylisting.
*The views expressed in this article are that of the author/s and do not necessarily reflect that of the University of Johannesburg.
