New NCC rules mandate telcos to flag suspected fraudulent numbers in real time

Nigeria’s telecom regulator, the Nigerian Communications Commission (NCC), is tightening its grip on the mobile phone number. New regulatory proposals would require telecom operators to flag high-risk phone numbers in real time, an intervention aimed at curbing rising fraud and restoring trust in digital systems.

At the centre of this effort is the proposed Telecoms Identity Risk Management System (TIRMS), a centralised platform that will track and verify the risk status of mobile numbers across sectors.

Mobile phone numbers, formally known as Mobile Station International Subscriber Directory Numbers (MSISDNs), have evolved far beyond communication tools. Today, they are essential identity anchors used across banking, e-commerce, government services, and digital authentication systems.

According to NCC’s Executive Vice Chairman, Aminu Maida, this transformation has introduced serious risks. “The mobile phone number has evolved into a critical identifier underpinning financial transactions, digital authentication, and access to essential services,” he said during a stakeholder consultation on Thursday, March 26, 2026. “This evolution, however, has created new and challenging vulnerabilities.”

As more services depend on mobile numbers for verification, any weakness in how those numbers are managed becomes a system-wide risk.

Fraud is exploiting SIM lifecycle loopholes

The NCC’s intervention is driven by a surge in fraud linked to how phone numbers are recycled and reused. Fraudsters are increasingly taking advantage of churned, swapped, barred, or recycled numbers to gain unauthorised access to financial accounts and digital services.

When a number becomes inactive and is eventually reassigned to a new user, it can still be linked to the previous owner’s digital footprint. This creates a dangerous loophole, particularly during account recovery processes where phone numbers are often treated as proof of identity.

Maida noted that “the fraudulent use of churned, recycled, swapped, and barred MSISDNs has become a significant vector for financial fraud and identity theft,” adding that the trend is eroding public confidence in digital platforms.

TIRMS introduces real-time risk visibility

To address these vulnerabilities, the NCC is introducing TIRMS as a unified, cross-sector platform for managing telecom-related identity risks. The system will allow telecom operators, banks, regulators, and other authorised entities to verify the status of a mobile number in real time.

This means service providers can instantly determine whether a number has recently been reassigned, swapped, flagged for suspicious activity, or blacklisted. The goal is to enable risk-based decision-making before access is granted to sensitive services.

The platform is designed to strengthen identity integrity, improve fraud detection, and create a consistent standard for mobile number verification across industries. As Maida explained, TIRMS is intended to “provide a uniform approach for managing all risks relating to the integrity and utilisation of registered mobile numbers.”

New rules will compel telcos to act

To make TIRMS effective, the NCC is backing it with new regulatory requirements that will directly impact telecom operators. These rules will ensure that telcos not only supply data to the platform but also actively participate in managing number-related risks.

Operators will be required to notify subscribers at least 14 days before their numbers are churned or reassigned. They must also submit details of churned numbers to the TIRMS platform within seven days of the process being completed.

In addition, the new framework introduces clearer rules for blocking numbers linked to fraudulent activity, creating a more structured approach to tackling abuse within the telecom ecosystem.

These measures are designed to promote transparency, protect consumers, and ensure that all stakeholders are working with the same, up-to-date information.

Industry questions execution

Telecom operators have raised concerns about how the system will work in practice.

MTN, the country’s largest telecom operator, noted that a similar real-time notification system already exists through a joint NCC and Central Bank of Nigeria initiative. However, adoption by financial institutions has been low, limiting its effectiveness.

The company warned that TIRMS could face the same challenge if participation is not made compulsory. Without strong buy-in—particularly from banks—the platform risks becoming another underutilised tool.

MTN has called for deeper collaboration between regulators, including a mandate from the Central Bank requiring financial institutions to integrate with the system. It also recommended setting up a technical working group to address operational issues such as system integration, cost recovery, and implementation standards.

Practical limitations could affect rollout

Some of the proposed rules may also face real-world constraints. For instance, the requirement to notify users 14 days before their numbers are reassigned assumes that operators have access to alternative contact details, such as secondary phone numbers or email addresses.

In reality, many subscribers do not provide this information or use numbers across different networks that operators cannot easily verify. This could limit the effectiveness of the notification system, according to MTN.

There are also broader concerns about data integration, given the absence of a unified, real-time database of all NIN-linked phone numbers across networks.

Despite these concerns, the NCC is emphasising a collaborative approach to implementation. The Commission is positioning TIRMS as a cross-sector solution that will require coordination between telecom operators, financial institutions, regulators, and law enforcement agencies.

“This forum signposts the Commission’s strategic focus on collaboration across different sectors,” Maida said, stressing the importance of a participatory approach to rule-making.