In Rwanda, SIM swap fraud has been utilized to carry out unauthorized SIM card registration onto unaware members of the public, allowing criminals to carry out fraudulent activities under the guise of another person.

In order to curb the issue, updated regulations were introduced by Rwanda Utilities Regulatory Authority (RURA), whereby telecom operators would implement new directives for SIM card registration and swapping.

Under the updated regulation N° 004/R/ICT/RURA/2018 of 26/04/2018, anyone who wishes to get a new SIM card or swap for various reasons would have to complete the process at their respective telecom service provider’s service centre.

The new requirements for every SIM card registration or swap include:

• Physical presence of the SIM Card holder or requestor to the designated and approved location by the telecom operators;

• Provision of biometrics by the subscriber;

• In addition, he/she must be in the possession of these documents;

  • National Identification Cards, for Rwandans;

  • Passport or any other legal document used to originally enter the Republic of Rwanda, for foreigner;

  • Refugee identity card, for refugees.

Previous to September 1^st 2021, when this regulation came into effect, SIM cards were being registered through simply checking if a chosen ID number exists.

With the new regulations, during the SIM card registration, the service provider personnel checks if the presented National ID matches the data in the National Identification Agency and confirm that the person physically present is the ID owner.

Through its stronger verification and tracking process, this regulation and procedure enhances SIM card security and decreases the likelihood of SIM swap fraud. 

But aside from these measures, how can a SIM card user protect themselves against SIM swap fraud?

1. Regularly check all SIM cards registered on your ID

Dial *125# and follow the instructions to regularly check the SIM cards registered on your identity card and deactivate unwanted or illegally registered ones. 

2. Limit the amount of personal information you share online.

Attempt to not overshare on social media. Fraudsters will latch on to the smallest details in order convince your network provider that they are you. Where appropriate, avoid posting anywhere public your full name, address, phone number and birth date.

3. Don't fall for phishing emails, texts and calls.

Your bank, public offices or reputable health offices will never contact you out-of-the-blue and ask for your personal information. Hang up or delete the message, and instead contact the institution on your own.

4. Use strong passwords and security questions.

Use strong passwords containing at least 10 characters, upper-case and lower-case characters, and numbers and symbols, to protect your online accounts. Also use identity questions that are strong in that not even your closest friends or relatives could guess them.