SIM Card Fraud & Cybercrime

Home
Insights
How SIM Card Fraud Fuels a Hidden World of Cybercrime
Insights Sim Cards Fraud Fuels A Hidden World Cybercrime (1)

How SIM Card Fraud Fuels a Hidden World of Cybercrime

In Practice | Manish Gangwar and Shruti Mantri
Share:

ISB experts help us understand how SIM card fraud thrives by exploiting loopholes in the system.

"SIM card subscription fraud, a significant issue in India, poses substantial challenges to the resolution of cybercrime cases,” cautions a recent study by ISB experts Shruti Mantri and Manish Gangwar.

This growing concern for the industry stems from an increasing number of cases where fraudsters use stolen or fake identities to access telecom services. As cited in the research, it is estimated that this type of fraud constitutes 35% to 40% of all telecom fraud worldwide, costing the industry a staggering 40 billion Euros (INR 3,600 billion) annually.

Despite the severity of the problem, most telecom providers rely on outdated identity verification methods that fail to catch these fraudulent activities. As a result, fraudsters continue exploiting the system, causing significant financial losses and security risks for the industry and its customers. 

Currently, most telecom service providers use standard customer identity validation and verification techniques, which are largely ineffective in detecting and controlling subscription fraud.

At a time when the telecom industry is grappling with rising cybercrime and is looking to understand fraudulent activity better, ISB experts identified five major reasons that lead to SIM card fraud in practice, due to loopholes in the system.

  1. Lack of real-time photo verification: SIM cards can be issued without thorough verification of the buyers’ photo IDs at the time of purchase. Fraudsters exploit this flaw in the electronic and digital Know Your Customer (KYC) processes, using fake identities to obtain SIM cards. Once they have these cards, they can commit cybercrimes while remaining undetected.
  2. Unverified alternate numbers and poor record keeping: Nearly 89% of alternate numbers provided when obtaining a SIM card are not linked to any Aadhaar number (national identification system in India), which creates a major gap in the verification process. Cybercriminals are thus able to manipulate the system by providing false contact information, making it easier to conceal their activities. Additionally, telecom providers struggle with outdated digitisation systems for customer application forms (CAFs). This means that in the event of a criminal investigation, it is difficult to retrieve customer data quickly in real-time. 
  3. Point-of-sale (POS) agent negligence: The SIM vendor or the POS agent sometimes issue SIM cards without thoroughly checking ID and address proofs. This opens the door for fraudsters to use mismatched or completely fake documents to get SIM cards to commit cybercrime under a false identity.
  4. Unlimited SIM cards: Despite government regulations limiting individuals to a maximum of nine SIM cards (or six in regions like Jammu & Kashmir and the Northeast), these rules are not consistently enforced in India. This allows fraudsters to obtain multiple SIM cards for illegal activities such as scams, phishing, or setting up fraudulent online accounts. Although the Department of Telecommunications has issued penalties for exceeding these limits, compliance checks remain inconsistent, enabling misuse. 
  5. Fake Aadhaar cards: Data shows an alarming trend of fraudsters using counterfeit or outdated Aadhaar cards, sometimes with children’s images, to falsely obtain SIM cards. These fake IDs allow cybercriminals to avoid detection and carry out malicious activities while hiding behind a fake identity.


These lacunae expose the critical vulnerabilities in the system that are abused by attackers to commit subscription fraud.

“Drawing from successful practices in other countries, we have developed a set of recommendations. By adopting these measures, telecom service providers can significantly mitigate the risk of SIM card fraud, thereby safeguarding their customers and reputation," suggested the experts.

Their recommendation details the importance of not sharing personal information and promptly reporting lost or stolen SIM cards.

The way ahead

To address these issues, ISB experts suggest that it is vital to implement strong online identification and validation methods.

Key strategies include:

  1. Knowledge-based validation, which relies on personal information known only to the user
  2. Phone authentication, involving verification codes sent to the user's mobile
  3. Address validation, confirming the authenticity of provided addresses
  4. One-time passwords (OTPs) for single-use security codes
  5. Common username deployment across multiple telecom providers for cross-referencing and consistency


Focusing on a multi-layered, risk-based approach, ISB experts recommend incorporating online identification and validation methods, enhancing electronic identification processes, and increasing customer education to combat SIM subscription fraud.

These recommendations by ISB experts are part of a study conducted by the ISB Institute of Data Science for the Telangana Police. 

 

Author: ISB Editorial Team