Fixing the real problem with Nigeria’s SIM recycling system

Nigeria's telecommunications regulator faces mounting pressure to overhaul its SIM card reassignment framework. The House of Representatives recently called on the Nigerian Communications Commission (NCC) to extend the dormancy window—the period before a deactivated SIM can be recycled—from its current timeframe to **18 months**, a move that could fundamentally reshape how the nation addresses digital identity fraud and financial crime.

## Why is SIM recycling a security risk for Nigeria's financial system?

The core issue is deceptively simple: when a SIM card is deactivated and quickly reassigned to a new user, bad actors exploit the gap. A fraudster can intercept two-factor authentication (2FA) codes intended for the original owner, bypassing bank security protocols and stealing funds. Nigeria's 2023 cybercrime losses exceeded **$600 million**, with SIM-swap attacks accounting for a material portion of that damage. The telecom sector, already under scrutiny for Know Your Customer (KYC) lapses, became an inadvertent gateway for organised fraud rings targeting diaspora remittances and corporate accounts.

Currently, Nigeria's major carriers (MTN, Airtel, Glo, 9mobile) operate under loose reassignment timelines, sometimes recycling SIMs within **30–90 days**. This window is too narrow to protect users who may be traveling, between devices, or simply unaware their account has lapsed. For investors and fintech operators, the risk is acute: a compromised authentication layer undermines the entire digital banking ecosystem that regulators want to scale.

## What does an 18-month extension actually solve?

Extending the dormancy period to 18 months creates a **harder target** for fraud rings. It forces attackers to operate on a longer timeline and reduces the velocity of SIM-swap attacks. Real-world evidence from markets like India (which implemented similar policies) shows a **35–40% reduction in SIM-based fraud incidents** within the first year of enforcement.

The extension also buys time for users to report lost or stolen SIMs before recycling occurs. For diaspora investors sending money home, this translates to a lower breach risk for their Nigerian bank accounts. For fintech startups building on Nigeria's telecom infrastructure, it means fewer customer compensation claims and better insurance ratings.

However, the solution is incomplete. An 18-month window only works if the NCC **enforces it across all carriers with real penalties**—not voluntary guidelines. Currently, compliance monitoring is weak, and carriers often prioritize subscriber acquisition over security timelines.

## What are the broader implications for Nigeria's digital economy?

This policy debate signals a shift in regulatory thinking. The NCC is finally acknowledging that telecom infrastructure is **financial infrastructure**. As Nigeria pushes toward a $1 trillion digital economy and attracting tech investment, trust in the identity layer is non-negotiable.

The Central Bank of Nigeria (CBN), meanwhile, has tightened Biometric Verification Number (BVN) linking to SIM cards—a parallel effort to create redundancy. If both policies are coordinated, Nigeria could become a model for emerging-market digital security. If they're siloed, compliance costs will fragment the ecosystem.

Investors watching Nigeria's telecom and fintech sectors should monitor three things: (1) whether the NCC codifies the 18-month rule by Q2 2025, (2) carrier compliance audits, and (3) whether the CBN and NCC align on authentication standards.

---

#