The digital heist: Inside Africa’s $4B SIM swap and identity theft fraud crisis

The text message appeared on Samuel Okafor’s phone at 2:47 a.m. on a Tuesday in March. It looked official enough. It showed his bank logo, a warning about “suspicious activity,” and a link to verify his account. Half-asleep and alarmed, he tapped.

By 3:15 a.m., his M-Pesa account, containing three months of his taxi driving earnings, was empty. The entire Sh47,000 (about $360) is gone. His SIM card stopped working. His phone number, the gateway to his entire financial life, now belonged to someone else.

Samuel Okafor doesn’t exist, but his story plays out thousands of times daily across Africa. Welcome to the continent that revolutionised mobile money and inadvertently created the world’s largest fraud laboratory.

The paradox of Africa’s digital revolution

Here’s a statistic that should make Silicon Valley blush: 74% of all mobile money transactions on Earth happen in Africa. Not North America. Not Europe. Not Asia. Africa.

Sub-Saharan Africa boasts 1.1 billion registered mobile money accounts processing $1.1 trillion annually. M-Pesa alone handles more than $50 billion in Kenya each year. This is a country where 82% of adults use mobile money, the highest penetration rate on the planet.

This is a genuine success story. Some 469 million Africans now have access to formal financial services who never did before. No bank branches required. No credit checks. Just a phone number and a dream.

But here’s the other side of that coin, the one that keeps central bankers awake at night. Africa is also the world’s most fraud-exposed region, according to the 2025 Global Fraud Index. Not just vulnerable, the most vulnerable.

Out of 112 countries analysed, Nigeria ranks 109th in fraud protection. Only three countries on Earth are worse. The continent that built the world's most innovative payment infrastructure forgot to build the security to match.

Or perhaps that’s unfair. Perhaps it’s more accurate to say that Africa moved so fast, driven by necessity, innovation, and millions of unbanked citizens desperate for financial access, that the fraudsters got a head start.

And they’ve been running with it ever since.

On identity theft: The crime that eats everything else

Ask any cybersecurity analyst in Africa what keeps them up at night, and they’ll tell you it is identity theft. Not as an abstract category, but as the foundational crime that enables everything else.

Identity theft accounts for 63% of all digital financial crime in Africa, costing an estimated $4 billion annually. That’s not a typo. Four billion dollars. In a continent where the per capita GDP in many countries hovers around $1,500.

Why is identity theft so devastating in Africa? Because, unlike developed markets, where identity theft means fraudulent credit cards or fake tax returns, in Africa, it means something far more immediate and catastrophic. It means total financial erasure.

When your identity is stolen in New York, fraudsters might rack up charges on your Visa. You dispute them. The bank refunds you. Life moves on.

When your identity is stolen in Nairobi, fraudsters take over your phone number, access your M-Pesa account, drain your savings, take out mobile loans in your name, and disappear. You have no credit card company to call. No deposit insurance. Often, no recourse at all.

Your identity is your financial system. Lose one, lose everything.

This is the vulnerability at the heart of mobile-first finance: the SIM card is the skeleton key to your entire economic life.

SIM swapping: The $4M problem you’ve never heard of

Let’s talk about the fraud technique that security experts call “devastatingly simple”, and victims call “financial murder.”

Read also: Your new SIM could be someone else’s old number: Inside Nigeria’s risky SIM recycling system 

SIM swapping accounts for ~43% of all mobile money fraud in Africa. Here’s how it works, and I apologise in advance because you’re going to lose sleep over how easy this is:

• Step 1: A fraudster obtains your personal information, including name, ID number, and phone number. This data is embarrassingly easy to acquire. Data breaches expose millions of records. Corrupt insiders sell databases. Social media provides the rest.
• Step 2: The fraudster walks into a mobile network operator’s store with a fake ID or, more commonly, pays an employee to help. They claim you lost your SIM card and need a replacement.
• Step 3: Your phone number is transferred to a new SIM card. Your phone goes dead. Their phone comes alive, with your number.
• Step 4: Password reset links, two-factor authentication codes, mobile banking confirmations, everything flows to their phone now. They own your financial identity.
• Step 5: Empty your accounts. Take out mobile loans. Disappear.
• Total time: Often under an hour.

Safaricom, Kenya’s M-Pesa operator, admitted to losing more than $4 million to SIM card fraud in 2022 alone. That’s just one company, in one year, that actually disclosed the losses. Most operators don’t publish these numbers, which tells you everything you need to know about the scale of the problem.

The kicker?

In many African countries, mobile network operators face virtually no regulatory requirements for SIM replacement verification. Some require nothing more than a name and a phone number, the very information that’s already been stolen.

It’s a Catch-22 that would be darkly funny if it weren’t ruining lives.

Who’s losing what, where?

Let me give you the full picture of Africa’s fraud economy, because the numbers are staggering.

Nigeria, Africa’s most populous country and largest economy, holds the dubious distinction of being the 4th least protected country on Earth (109 out of 112 countries). In 2024, Nigerians lost ₦52.26 billion (approximately $32 million) to fraud, a 196% increase over five years.

But fraud cases actually dropped 31% over the same period. Losses went up 196%, and cases went down 31%. Do the math. Fraudsters aren’t working harder; they’re working smarter. Fewer attacks, much bigger paydays.

In the first quarter of 2025 alone, fraud losses inNigeria jumped 603% while cases rose only 7.63%. The sophistication is escalating faster than defences.

Kenya, the global mobile money pioneer, faced 2.5 billion cyber threats in Q1 2025, a 202% increase from the previous quarter. By mid-2025, that number hit 4.6 billion cyber threats in just three months. Total cybercrime losses: Sh29.9 billion ($230 million) in a single year.

For context, Kenya’s entire national budget for the Ministry of Health is about $2 billion. Cybercrime is eating more than 10% of that.

South Africa, the continent’s most sophisticated financial market and its best-protected country (though still ranked only 74th globally), saw digital banking crime surge 86% in 2024, jumping from 52,000 to 98,000 reported cases. Total fraud losses: R1.888 billion (approximately $103 million).

Here’s the truly alarming trend. 65.3% of all fraud in South Africa now comes from digital banking platforms. Not cards. Not ATMs. Not check fraud. Digital banking. The future of finance has become the present of theft.

Add it all up across the continent, and you’re looking at conservatively $3-4 billion in annual cybercrime losses, according to INTERPOL’s 2025 Africa Cyberthreat Assessment. Some analysts think the real number is double that, given massive underreporting.

The MMM case

Let’s zoom in on mobile money (the 3rd M = massacre), because this is where Africa’s achievement and its agony collide most dramatically.

Mobile money isn’t just popular in Africa; it’s foundational. It’s how people get paid, pay rent, send money to relatives, buy groceries, pay for medical care, save for emergencies, and increasingly, how they access credit.

The numbers tell the story: 1.1 billion registered mobile money accounts in Sub-Saharan Africa processing $1.1 trillion in transactions annually. M-Pesa, the Kenyan juggernaut, has 34 million subscribers just in Kenya, in a country of 54 million people. Do the math. Nearly two-thirds of the entire population, infants included, are registered users.

This is a staggering achievement in financial inclusion. The kind of leap that wins development awards and gets written up in Harvard case studies.

But it also created a target-rich environment that would make bank robbers of previous eras weep with envy.

Mobile money fraud losses hit $1.5 billion in 2022, and that’s almost certainly an undercount, given that many victims never report losses (either out of shame, futility, or fear). Between 58-72% of mobile money fraud involves social engineering – phishing, vishing, smishing, pretexting, impersonation scams, and good old-fashioned lies.

MTN, one of Africa’s telecom giants, lost $53 million to mobile money fraud in Nigeria in 2022. Flutterwave, a major fintech player, lost ₦11 billion (~$7 million then) in April 2024. Interswitch haemorrhaged ₦30 billion ($230 million) due to a system glitch that fraudsters exploited for chargebacks.

These are billion-dollar operations with dedicated security teams. If they’re losing this much, imagine what’s happening to smaller operators.

Amidst all of this, the vulnerability that doesn’t get enough attention is agent-assisted fraud, which accounts for 38% of mobile money theft.

Africa’s mobile money ecosystem relies on agents, shopkeepers, kiosk operators, and freelance merchants, who handle cash-in/cash-out transactions. Kenya alone has 381,000 M-Pesa agents managing 82 million accounts. These agents are the human interface of the digital revolution, the bridge between cash and code.

They’re also, in many cases, either fraudsters themselves or unwitting accomplices.

Some agents deliberately collude with criminals, facilitating unauthorised transactions in exchange for a cut. Others are themselves victims of social engineering, tricked into processing fraudulent transactions. And some are simply undertrained, unable to recognise red flags that would be obvious to security professionals.

Tanzania launched an agent training initiative in 2023, focusing on fraud detection. The result? A 51% decline in agent-assisted fraud. One program. One year. Cut fraud in half.

The tragic irony? Most countries haven’t bothered to replicate it.

This story continues with Part 2: The crypto scams that stole billions, the biometric systems being hacked, and whether Africa can fight back.

The post The digital heist: Inside Africa’s $4B SIM swap and identity theft fraud crisis first appeared on Technext.