By | YOUNG, D
The Nigerian Communications Commission (NCC) is set to launch a new cross-sector data platform designed to curb fraud, identity theft and wrongful profiling linked to SIM card recycling, in what industry stakeholders describe as one of the most far-reaching telecom–financial sector collaborations in recent years.
Known as the Telecoms Identity Risk Management System (TIRMS), the portal will collect and share information on mobile numbers that have been recycled (churned) or flagged for suspected fraudulent activity, and make this data available to key regulators and authorised institutions across the economy. The platform is expected to go live after a consultation process that runs through March, signalling a decisive regulatory response to growing complaints around SIM reuse and its intersection with banking, security investigations and digital identity systems.
A response to hidden dangers of SIM recycling
Under existing rules, Nigerian mobile numbers that remain inactive for 360 days – with no revenue-generating activity such as calls, SMS, data sessions or chargeable USSD – can be withdrawn by operators and reassigned to new users. The practice, known as SIM recycling or churn, helps conserve scarce numbering resources but has increasingly produced unintended consequences in a digital economy where one phone line often anchors bank accounts, investment portfolios, pensions, social media profiles and even national identity records.
In multiple reported cases, new owners of recycled numbers have received sensitive messages, one-time passwords and transaction alerts meant for previous users, or even been drawn into criminal investigations for offences linked to former subscribers who originally registered the SIM. In one widely cited incident, a man was detained for weeks after buying a SIM card previously registered to a former president’s daughter, highlighting how a routine telecoms process can morph into a serious human-rights and due-process issue.
NCC officials, in a regulatory document, acknowledge that these developments have created issues of security and integrity of phone number ownership, especially as telecoms churn policies now interact more deeply with banking, capital markets, identity management and law-enforcement operations.
What the TIRMS portal will do
According to documents shared with stakeholders, the TIRMS portal has been developed in collaboration with mobile network operators and will be hosted by the NCC as a centralised risk-management hub. It will perform three core functions:
- Maintain a live database of churned or recycled numbers, so that other sectors know when a mobile line has officially changed hands.
- Store details of numbers reported by other regulators or institutions as being involved in fraud or financial crime.
- Provide controlled access to this information for authorised stakeholders to improve identity verification, transaction monitoring and fraud prevention.
Key beneficiaries will include the Central Bank of Nigeria (CBN), the Securities and Exchange Commission (SEC), pension regulators, the National Identity Management Commission (NIMC), security agencies and other designated organisations with a clear legal mandate and defined use-cases. A memorandum of understanding between the NCC and CBN is being finalised to spell out how banks and other financial institutions will plug into the system and harmonise their Know-Your-Customer (KYC) procedures with telecoms data.
Regulators concede that integrating data needs and KYC frameworks across multiple sectors will require significant dialogue, underscoring the complexity of aligning telecoms subscriber records with banking, capital-market and national-ID databases without over-sharing or violating privacy principles.
Rule changes: from silent churn to mandatory alerts
To support the rollout of TIRMS, the NCC is moving to amend several regulatory instruments that currently govern numbering, quality of service and subscriber registration. These include the Numbering Regulations 2008, the Quality of Service Regulations 2024 and its Business Rules, as well as the Registration of Communications Subscribers Regulations 2022.
One of the most impactful proposed changes is the introduction of mandatory pre-churn notifications. Under the revised rules, subscribers whose lines are about to be classified as inactive and scheduled for recycling must receive alerts through alternative contact channels within a specified window, giving them an opportunity to reactivate or “park” their numbers.
The line-parking option, already recognised in existing quality-of-service rules, allows subscribers who anticipate being unreachable – due to relocation, prolonged travel, or medical reasons – to preserve their numbers for up to one year at minimal cost, shielding them from being silently churned and later reassigned.
The amendments will also establish a formal framework for warehousing churned numbers in the TIRMS database, define who can query what, and create clearer procedures for blocking numbers that have been linked to fraudulent activities once they are reported through the portal.
How banks, capital markets and security agencies will use it
In practical terms, the TIRMS portal could transform how banks and other financial institutions treat the mobile number as an element of customer risk. At present, a bank may continue to send one-time passwords, transaction alerts or sensitive notifications to a number long after it has been reassigned at the network level, because there is no standard, real-time feed from the telecoms side indicating that a line has changed ownership.
With TIRMS, a bank onboarding a customer or updating KYC records will be able to verify that the phone number provided is not in the churned-numbers pool and has not recently been recycled to a different subscriber. Capital-market operators will gain an additional signal when monitoring suspicious trading patterns or market-abuse cases tied to phone contacts, while pension regulators and the national ID authority can use the data to tighten their own identity-validity checks.
Security and law-enforcement agencies, which often rely on call-detail records and SIM registration data to trace suspects, will similarly have a clearer picture of whether a number they are tracking still belongs to the original person of interest or has passed through multiple hands due to churn. That, analysts argue, could reduce wrongful arrests and misdirected investigations stemming from outdated assumptions about SIM ownership.
What it means for ordinary subscribers
For everyday mobile users, the most immediate promise of the TIRMS portal is stronger protection against identity theft, SIM-related financial fraud and wrongful liability for offences committed by unknown previous owners of a number. Mandatory churn notifications and the formalisation of line-parking mean subscribers are less likely to lose long-unused numbers without warning, especially those tied to critical services or long-standing contacts.
Consumer-rights advocates, however, say the success of the initiative will depend on how transparent the process is, how robust the access controls are, and whether individuals can challenge or correct entries if their numbers are erroneously flagged on the system. Data-protection experts are also watching closely to see how the NCC and partner regulators balance the need for real-time cross-sector data flows with Nigeria’s emerging privacy framework and global best practices around data minimisation and purpose limitation.
Still, with cyber-enabled financial crime on the rise and mobile numbers sitting at the centre of Africa’s fast-growing digital economy, the TIRMS portal marks a significant attempt to harden one of the weakest but most widely used identity anchors in Nigeria’s connected life.
Destiny Young is a Technology and IT Infrastructure Management Executive and Cybersecurity Professional with extensive experience in enterprise systems, digital transformation, and cybersecurity management. He holds a First Class Master of Science degree in Digital Transformation, a Distinction grade Master of Business Administration with a specialisation in Cybersecurity, and a Master of Technology degree in Information Technology. His work focuses on strengthening cyber resilience in organisations and examining the relationship between technology, risk, and business strategy. Destiny is also an active academic researcher with a strong interest in cybersecurity governance and threat mitigation. He writes regularly on digital security issues affecting businesses in Nigeria and contributes to industry discussions on cyber risk management and policy development.
