If you’ve ever tried to register a new Safaricom SIM card in the evening, you’ve likely encountered an unexpected hurdle.
Once the time reads 7pm, Safaricom agent shops across Kenya suddenly stop processing SIM card registrations, leaving you scrambling to find alternative solutions or waiting until the next day.
This seemingly arbitrary cutoff time is Safaricom’s tactical response to a growing threat that has been plaguing mobile networks worldwide: SIM swap fraud.
Safaricom has noticed an emerging trend that fraudulent SIM card registrations were disproportionately occurring during evening hours, when oversight tends to be more relaxed and verification processes might be less rigorous.
By restricting registration activities to daytime hours at agent locations, the company effectively closes a window of opportunity that criminals had been exploiting.
After 7pm, customers can only register new SIM cards at official Safaricom Customer Care Shops, which typically operate from 9am to 7pm.
This approach ensures that all evening registrations, though limited, occur under direct company supervision rather than through the broader agent network.
SIM swap fraud is one of the most sophisticated forms of identity theft in the digital age. The crime begins long before a fraudster ever steps foot in a mobile shop.
Criminals spend considerable time gathering personal information about their targets through various channels, including social media surveillance, phishing attacks, data breaches, and social engineering tactics.
Once ready with details like full names, national ID numbers, dates of birth, phone numbers, and addresses, fraudsters contact mobile network providers while impersonating their victims.
They typically claim their phone was lost or stolen and request that their number be transferred to a new SIM card. The deception often succeeds because criminals can answer security questions and provide the personal information they’ve meticulously collected.
When successful, the victim’s original SIM card becomes deactivated while a new one under the fraudster’s control becomes active, complete with the victim’s phone number.
True devastation of SIM swap fraud becomes apparent once criminals gain control of a victim’s phone number. They can intercept one-time passwords sent via SMS, which are crucial for two-factor authentication systems.
This access opens the door to online banking accounts, email systems, and social media profiles.
With such access, fraudsters can transfer funds, change account passwords, and commit extensive identity theft. The victim often remains unaware of the breach until substantial damage has already occurred, making recovery both difficult and time-consuming.
Safaricom’s SIM registration cutoff is just one element the telco has employed to prevent fraud in its operations. Lately, the company has been very active in addressing vulnerabilities across its entire network ecosystem.
Last year, Safaricom implemented a geo-locking policy targeting the agent network. This system automatically deactivates M-Pesa tills when agents attempt to conduct transactions outside their designated geographical boundaries.
This technology directly addresses a common fraud scheme where agents register payment tills in one location but operate them elsewhere to facilitate unauthorized transactions.
The geo-locking system has proven remarkably effective. Safaricom reported that the technology has enhanced regulatory compliance while cases of asset misappropriation, including till theft, dropped to zero.