Experts urge the South African government to prioritise the enforcement of SIM card registration laws as a critical step in combating rising cyber crime, following a renewed commitment to address systemic flaws and enhance national security.
Image: IOL / RON AI
Industry experts have offered a cautious welcome to the South African government’s renewed commitment to address critical weaknesses in SIM card registration, but they stress that actual enforcement of existing laws, not just new legislation, will be the key to reducing the surge in serious crime enabled by improperly registered numbers.
The commitment follows an urgent, high-level meeting convened by Minister of Justice and Constitutional Development, Mmamoloko Kubayi, which brought together key government clusters, telecommunications CEOs, and regulators to confront what officials have described as a significant national security threat.
The government has vowed to strengthen enforcement of the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA), with a major crackdown slated to begin on July 1, 2026.
Prepaid voucher manufacturer, Securi-Tech, lauded the government’s intent but highlighted the need for immediate, achievable steps.
“Currently, not enough is being done; however, we welcome the commitments made by Minister Mmamoloko Kubayi of the Department of Justice and Constitutional Development to rectify the situation,” the company stated.
Securi-Tech pointed to systemic flaws in the distribution chain as the main driver of the problem.
“SIM card distribution is flawed, with third-party distributors falsely registering millions of SIM cards each year to false identities, making them untraceable and allowing anonymous communication by criminals to flourish,” it noted.
The company advocates for practical measures already employed in other security-sensitive industries. One “easy solution”, according to Securi-Tech, is to mandate tamperproof packaging.
“Tamperproof packaging, as used with bank cards, can also reduce the likelihood of cloning SIM cards because it blocks unique SIM card data,” Securi-Tech noted, adding that this would “significantly limit the current practice of pre-RICAing cards before sale to consumers”.
The company also urged Parliament to mandate biometric registration of SIM cards, referencing systems already used by South African banks for remote account registration.
According to Securi-Tech, many countries including the UAE, Thailand, Philippines, Nigeria, and India have shown SIM cards can be correctly registered to individuals and linked to biometrics such as facial recognition, a system already used in South Africa by banks to register new bank accounts remotely.
Meanwhile, private investigator Rick Crouch, who has more than 30 years of experience gained working with the FBI and local police departments, echoed the call for enforcement, stating that the problem is rooted in a lack of internal control within the retailers themselves.
Crouch, managing director of Rick Crouch and Associates, said he has been calling for the enforcement of the current RICA legislation for years, pointing to the scope of the problem in his own work.
“About 80% of the cell numbers we come across in our investigations are either not RICAd or RICAd to the wrong person,” he revealed.
While supporting the government’s focus on the issue, Crouch warned that legislative amendments alone would be ineffective without tightening internal processes and enforcing the existing law.
“You can go to any street corner of a small, medium, or large town/city in this country and buy SIM cards that are already 'RICAd',” Crouch said.
He emphasised the need for “real controls in the retailers with an electronic audit trail to track each and every SIM card”.
Crouch also pointed to the complicity of internal operators in serious crimes facilitated by SIM weaknesses.
“There are syndicates inside these phone companies that facilitate this. Another serious problem is SIM swap fraud; this requires someone on the inside.”
The police, in their presentation to the JCPS Cluster meeting, had highlighted that weaknesses in registration have “limited law enforcement's ability to effectively trace suspects and utilise lawful interception measures”, associating improperly registered SIM cards with serious crimes, including banking fraud, cash-in-transit heists, and extortion.
However, Crouch expressed scepticism about the government's resolve, despite acknowledging the severity of the threat.
“One thing they got right is that it is a serious problem and it is a facilitator of almost every type of cyber-related crime. But although they acknowledge the seriousness of it and that it is a threat to national security, they are not serious about enforcing it,” he said.
The government has confirmed it will finalise a draft legislative proposal by June 2026 to update RICA to keep pace with evolving criminal trends and technology like eSIMs.
In the interim, both industry and investigative voices insist that the most effective tool is the immediate, non-negotiable enforcement of the regulations already on the books.
karen.singh@inl.co.za