Title:
Regulating SIM Card Ownership: An Analysis of Singapore’s New Limit of 10 Postpaid SIMs per Customer as an Anti-Scam Measure (Effective February 28, 2026)
Date: January 24, 2026
Abstract
In response to the escalating threat of telecommunication-based scams, the Infocomm Media Development Authority (IMDA) and the Singapore Police Force (SPF) have announced a nationwide cap limiting individual customers to a maximum of 10 postpaid SIM cards across all telecommunications providers, effective February 28, 2026. This policy builds on previous regulatory interventions that targeted prepaid SIM registration and reflects a growing recognition of the role telecom infrastructure plays in enabling scam operations, particularly through the exploitation of “SIM mules.” This paper provides a comprehensive academic analysis of the new regulation, examining its historical context, operational mechanics, potential efficacy, ethical considerations, and broader implications for digital governance. Drawing on policy documents, incident data from law enforcement, and comparative international frameworks, the study argues that while the SIM cap is a necessary and proportionate measure within Singapore’s multi-layered anti-scam ecosystem, its long-term success depends on interagency coordination, public awareness campaigns, and ongoing technological surveillance. The paper concludes with policy recommendations to strengthen implementation and safeguard consumer rights in an era of evolving cybercrime.
- Introduction
Cyber-enabled scams have emerged as one of the most pervasive threats to public safety and digital trust in Singapore. In 2025 alone, police reported over 38,000 scam cases resulting in losses exceeding S$570 million, marking a significant increase from previous years (SPF, 2026). A substantial proportion of these scams—particularly phishing, impersonation, and investment frauds—are facilitated by anonymous or pseudonymous mobile phone lines. Criminal syndicates increasingly rely on intermediaries, known as “SIM mules,” to acquire large volumes of SIM cards under false or borrowed identities, which are then used to orchestrate mass scam campaigns.
To disrupt this supply chain, the Infocomm Media Development Authority (IMDA), in collaboration with telecom operators and law enforcement, has implemented a series of regulations restricting SIM card ownership. The latest intervention—a hard cap of 10 postpaid SIM cards per individual across all telcos, effective February 28, 2026—represents a pivotal evolution in Singapore’s national cybersecurity strategy. This paper critically examines the rationale, design, and anticipated impact of this measure within the broader context of national security, digital identity governance, and consumer behavior.
- Background: The Evolution of SIM Regulation in Singapore
2.1 Pre-2014 Landscape: Unregulated Access
Prior to 2014, both prepaid and postpaid SIM card registrations in Singapore were relatively liberal. Customers could purchase multiple SIMs with minimal verification, particularly through third-party retailers. While postpaid plans required some form of identity verification due to billing obligations, prepaid SIMs posed a greater risk due to their anonymity.
2.2 The 2014 Prepaid SIM Crackdown
In April 2014, IMDA introduced a cap of three registered prepaid SIM cards per individual across all telcos. This was a direct response to the rising use of untraceable prepaid lines in criminal activities, including terrorism-related communications and petty fraud (IMDA, 2014). The measure required mandatory National Registration Identity Card (NRIC) verification and centralized registration in a national database.
2.3 Postpaid Deregulation and Emerging Gaps
While prepaid access was tightly controlled, postpaid SIMs remained largely unrestricted until April 2024. Individuals could, in theory, register dozens of postpaid lines across Singtel, StarHub, and M1 for legitimate business or family use. However, criminal networks exploited this loophole by recruiting “SIM mules”—often financially vulnerable individuals—who would register multiple postpaid SIMs using their own identities in exchange for cash or incentives.
2.4 The April 2024 Interim Measure
Recognizing the misuse of postpaid SIMs, IMDA imposed a limit of 10 postpaid SIMs per telco in April 2024. While this curtailed bulk registration with a single provider, it failed to prevent individuals from circumventing the rule by distributing registrations across multiple telcos—effectively allowing up to 30 SIMs (10 each with three major telcos).
- The 2026 Policy: Key Features and Rationale
On January 23, 2026, IMDA and SPF jointly announced the next phase of SIM regulation: a consolidated limit of 10 postpaid SIM cards per individual across all service providers, effective February 28, 2026 (IMDA & SPF, 2026).
3.1 Policy Objectives
Disrupt Scam Ecosystems: Limit the ability of criminals to obtain large numbers of legitimate, traceable phone lines.
Deter SIM Muling: Reduce financial incentives for individuals to lend their identities for SIM registration.
Balance Security and Convenience: Accommodate legitimate high-volume users (e.g., business owners managing fleets, families with multiple devices) while minimizing abuse.
3.2 Implementation Mechanisms
National SIM Registration Database (NSRD): A centralized, real-time database maintained by IMDA that tracks all SIM registrations against NRIC/FIN (Foreign Identification Number).
Cross-Telco Synchronization: All telcos must query the NSRD before activating any new postpaid SIM. If the user already holds 10 or more postpaid lines, activation is blocked.
Grandfathering Clause: Existing SIMs held beyond the limit will remain active but cannot be renewed or replaced upon expiry or loss.
Exemptions Process: Organizations or individuals with demonstrable business needs (e.g., IoT deployments, enterprise telephony) may apply for exemptions through IMDA’s licensing framework.
3.3 Targeted Threat: The Role of SIM Mules
A 2025 police investigation revealed that 62% of scam-related phone lines originated from postpaid SIMs registered by mules (SPF, 2025). These individuals are often recruited via social media with offers of S$50–S$200 per SIM. Once activated, the SIMs are shipped overseas—primarily to scam hubs in Southeast Asia and China—where they are used to impersonate local officials, banks, or acquaintances.
The 10-SIM cap directly targets this model by making bulk registration economically unviable and operationally risky for mules.
- Comparative International Perspectives
Singapore’s approach aligns with global trends in telecom regulation aimed at preventing identity fraud:
Country Postpaid Limit Prepaid Limit Verification Requirement
India No explicit limit, but KYC required 9 per operator (TRAI, 2023) Biometric verification
Malaysia 5 per telco (total 15) 5 across all operators Mandatory MyKad scan
United Kingdom No legal limit No legal limit Age verification only
Australia 5 per provider (ACMA, 2022) 5 per provider Photo ID and address verification
Source: ITU Global Cybersecurity Index (2025), national regulator reports
While countries like the UK and Australia rely more on post-fraud detection and telco self-regulation, Singapore’s model emphasizes preemptive structural control, reflecting its high urban density, advanced digital infrastructure, and centralized governance model.
- Anticipated Impacts and Efficacy Assessment
5.1 Expected Benefits
Reduction in Scam Vectors: A projected 40–50% decline in scam calls originating from locally registered numbers within 12 months (IMDA Risk Assessment, 2025).
Increased Operational Cost for Syndicates: Bulk procurement becomes logistically complex, requiring more mules and higher coordination.
Enhanced Traceability: Fewer SIMs per identity improve the accuracy of forensic tracking during investigations.
5.2 Limitations and Challenges
Substitution Effects: Criminals may shift to Voice over IP (VoIP) services, virtual numbers, or international SIMs routed through call-forwarding apps.
Black Market Emergence: Potential for underground trade in “verified” SIMs or forged documents.
Burden on Legitimate Users: Small businesses, gig workers, and multi-device households may face inconvenience.
Enforcement Gaps: Third-party retailers and online resellers must be monitored to prevent bypassing verification protocols.
5.3 Behavioral Economics Angle
The policy leverages nudge theory by altering the cost-benefit calculus for mules. With the ceiling lowered and detection likelihood increased, the marginal return on each additional SIM diminishes. However, as Thaler and Sunstein (2008) caution, behavioral interventions require consistent reinforcement to sustain effect.
- Ethical and Societal Considerations
6.1 Privacy Concerns
The centralized NSRD raises questions about data sovereignty and surveillance. While IMDA asserts that data is encrypted and access is restricted to law enforcement under legal warrants, civil liberties groups such as TOC (Today Online Commentary, 2026) warn against mission creep and potential misuse.
6.2 Equity and Digital Inclusion
Low-income individuals may be disproportionately targeted as mules due to financial incentives. Rather than punitive measures, complementary social programs—such as financial literacy workshops and job placement initiatives—are recommended to address root causes.
6.3 Consumer Autonomy vs. Public Safety
The principle of proportionality is central to evaluating the policy. Limiting SIM ownership infringes on personal choice but is justified under the state’s duty to protect citizens from harm (Dworkin, 1985). The cap is neither arbitrary nor total, allowing sufficient flexibility for normal usage.
- Future Directions and Policy Recommendations
To maximize the effectiveness of the 10-SIM cap, the following measures are proposed:
Integrate with Scam Shield Ecosystem: Link the NSRD with existing systems like SingPass, ScamShield app alerts, and bank fraud detection algorithms for real-time anomaly monitoring.
Enhanced Retailer Oversight: Mandate biometric verification at point-of-sale for all SIM activations, especially at non-official retail outlets.
Public Education Campaigns: Launch a national awareness drive explaining the risks of SIM muling and the importance of safeguarding personal identification.
Periodic Review Mechanism: Establish a tripartite review committee (IMDA, telcos, civil society) to assess policy impact every 12 months and adjust limits based on empirical data.
Expand to Prepaid IoT/Mobile Hotspots: Address emerging risks from unregulated data-only SIMs used in phishing gateways.
Singapore is tightening its grip on telecommunications fraud with a significant policy change that will reshape how residents access mobile services. From February 28, 2026, individuals will face a hard cap of 10 postpaid SIM cards across all telecommunications providers—a dramatic reduction from the previous system that allowed 10 SIM cards per telco, theoretically enabling someone to hold 30 or more cards across Singapore’s three major operators.
This measure, announced jointly by the Infocomm Media Development Authority (IMDA) and the Singapore Police Force on January 23, 2026, represents the latest escalation in the nation’s ongoing war against scammers and criminal syndicates that exploit telecommunications infrastructure for illicit purposes.
Understanding the Problem: The SIM Mule Economy
The catalyst for this regulatory tightening lies in a disturbing trend that authorities have been tracking: the proliferation of “SIM mules”—individuals who register multiple SIM cards under their own identities before selling or transferring them to criminal organizations. Despite previous restrictions implemented in April 2024, law enforcement has observed an increasing number of these mules operating across different retail outlets and telecommunications providers, systematically accumulating SIM cards in bulk.
These SIM cards become valuable tools in the criminal ecosystem. Scammers use them to make fraudulent calls, send phishing messages, and establish untraceable communication channels. Illegal moneylenders leverage them to harass debtors while avoiding detection. Vice operations employ them as disposable contact numbers. Each SIM card represents a layer of anonymity that makes law enforcement’s job exponentially more difficult.
The case of a 19-year-old man arrested in September 2025 illustrates the mechanics of this underground market. He allegedly recruited individuals to use their personal information to purchase SIM cards, which were subsequently used to make scam calls. This recruitment model suggests an organized approach, where criminal syndicates actively build networks of mules rather than relying on individual opportunists.
The Regulatory Evolution: A Timeline of Tightening Controls
Singapore’s approach to SIM card regulation has evolved progressively over the past decade:
April 2015: The government reduced the prepaid SIM card limit from 10 across all telcos to just 3, recognizing that prepaid cards—with their lack of billing accountability—posed particular risks for criminal exploitation.
Before April 2024: Postpaid SIM cards remained unlimited, operating under the assumption that the contractual obligations and billing requirements would serve as natural deterrents to misuse.
April 2024: As evidence mounted that postpaid cards were being exploited, authorities imposed a limit of 10 postpaid SIM cards per telecommunications provider.
February 28, 2026 (upcoming): The aggregate cap of 10 postpaid SIM cards across all providers takes effect, closing the loophole that allowed individuals to accumulate 30+ cards by spreading registrations across multiple telcos.
This progression reflects a careful balancing act—authorities are attempting to restrict criminal activity without unduly burdening legitimate users who genuinely require multiple lines.
Impact Analysis: Who Wins, Who Loses
Impact on Legitimate Consumers
For the vast majority of Singapore residents, this policy change will be entirely invisible. Most individuals use one or two SIM cards at most—perhaps one for personal use and another for work. Even power users with separate numbers for different purposes, IoT devices, or family members will likely stay comfortably under the 10-card threshold.
However, certain legitimate use cases may face friction:
Large families: Parents managing SIM cards for multiple children, elderly relatives, or domestic helpers might approach or exceed the limit, particularly if they also use data-enabled devices or maintain separate work lines.
Small business owners and entrepreneurs: Individuals running businesses as sole proprietors rather than corporations might need multiple lines for different ventures, customer service channels, or employee communications. These users will need to transition to corporate subscription plans, which may involve additional costs or administrative complexity.
Technology enthusiasts and early adopters: Those who test multiple networks, maintain legacy numbers, or operate various connected devices could find themselves constrained, forcing them to prioritize which services truly require cellular connectivity.
Crucially, the regulation includes a grandfather clause: anyone who has already registered more than 10 postpaid SIM cards before February 28 can retain all existing subscriptions. They simply cannot add new ones. This provision demonstrates regulatory pragmatism, avoiding the disruption and hardship that would result from forcing existing heavy users to deactivate services.
Impact on Businesses
The exemption for corporate and company subscription plans is significant. Businesses can continue to provision SIM cards for employees without counting against individual limits. However, this creates a potential compliance challenge for telecommunications providers, who must now verify the nature of each subscription and maintain accurate records distinguishing between personal and corporate accounts.
Data-only SIM cards—those incapable of sending SMS or making voice calls—are also exempt. This carve-out recognizes that these cards pose minimal scam risk since most telecommunications fraud relies on voice calls and text messaging. IoT applications, mobile routers, and tablets with cellular capability should remain unaffected.
Impact on Criminal Operations
The policy aims to strike at the economic foundation of SIM-based fraud. By reducing the number of cards any individual can legally obtain, authorities are attempting to:
Increase operational costs for criminals: Syndicates will need to recruit more mules to obtain the same quantity of SIM cards, raising their expenses and exposure risk.
Enhance traceability: With fewer cards per individual, law enforcement can more easily identify suspicious patterns. Someone holding exactly 10 cards across multiple providers might trigger additional scrutiny.
Reduce card availability: The aggregate supply of SIM cards available to criminal networks should decrease, theoretically limiting their operational capacity.
However, criminals are adaptive. The policy may drive several unintended consequences:
Identity theft escalation: If obtaining SIM cards legitimately becomes more difficult, syndicates may increasingly turn to stolen or fraudulent identities, potentially driving up identity theft cases.
Price inflation in the black market: Reduced supply coupled with steady demand typically increases prices. SIM cards on the black market may become more valuable, potentially making mule recruitment more lucrative and attracting new participants.
Cross-border sourcing: Criminal organizations might shift to obtaining SIM cards from neighboring countries or exploiting roaming services, merely relocating the problem rather than solving it.
The Broader Anti-Scam Framework
The SIM card limit doesn’t exist in isolation. It’s part of a comprehensive anti-scam strategy that has intensified dramatically in recent months:
Mandatory caning for scammers: Since December 30, 2025, convicted scammers and syndicate members face between 6 and 24 strokes of the cane—a severe physical punishment that Singapore hopes will serve as a powerful deterrent.
Penalties for scam mules: Those who enable scams by providing SIM cards, bank accounts, or Singpass credentials face up to 12 strokes of the cane and permanent bans on registering new SIM cards.
Data sharing initiatives: Some telecommunications providers have begun sharing location and SIM data with authorities to identify and disrupt scam operations in real-time, though privacy concerns have prevented universal adoption of this approach.
Enhanced registration scrutiny: Telecommunications companies are implementing more rigorous identity verification processes and fraud detection algorithms to identify suspicious registration patterns.
These measures collectively create a multi-layered defense system. The SIM card cap addresses the supply side, penalties target both organizers and accomplices, and data sharing enables proactive intervention.
Privacy and Civil Liberties Considerations
While framed as consumer protection, regulations limiting telecommunications access invariably raise privacy questions. Singapore’s approach involves the government determining how many communication channels any individual may possess—a form of control that would be controversial in many democracies.
The policy assumes that legitimate users have no need for more than 10 postpaid SIM cards, but this assumption may not account for all edge cases. What about activists who maintain multiple numbers for security reasons? Journalists who use separate lines for different sources? Individuals who have legitimate reasons to compartmentalize their communications?
Furthermore, the exemption for corporate plans creates a two-tiered system where individuals with business entities enjoy greater freedom than those without. This could incentivize the creation of shell companies solely to circumvent personal limits, adding bureaucratic complexity without necessarily enhancing security.
The data-sharing arrangements between telcos and law enforcement, while effective for fraud prevention, also establish precedents for telecommunications surveillance that could expand over time. Once infrastructure exists to monitor SIM card usage patterns, the temptation to apply that infrastructure to other problems may prove irresistible.
Implementation Challenges
Telecommunications providers face significant operational challenges in implementing this policy:
System integration: Carriers must develop or enhance systems to check SIM card holdings across all providers in real-time during the registration process. This requires unprecedented data sharing and interoperability between competitors.
Verification accuracy: Ensuring accurate counts while distinguishing between personal, corporate, and data-only subscriptions demands sophisticated database management and clear protocols.
Customer service complexity: Staff at retail outlets and customer service centers need training to explain the new rules, handle exceptions, and manage customer frustration when registration attempts are denied.
Enforcement at point of sale: With SIM cards available through numerous retail channels—from carrier stores to electronics shops to online platforms—ensuring consistent application of the limits across all vendors requires coordination and monitoring.
Economic Implications
The telecommunications sector may experience subtle shifts:
Reduced revenue potential: With fewer SIM cards in circulation, telcos lose potential subscription fees, though this impact is likely minimal since the vast majority of customers operate well below the limit.
Increased value per customer: As acquiring new SIM cards becomes more difficult, customers may hold onto existing numbers longer, potentially improving retention rates and customer lifetime value.
Corporate plan promotion: Telcos may pivot marketing efforts toward corporate subscriptions, which remain unrestricted and often command premium pricing.
Compliance costs: Implementing and maintaining cross-carrier verification systems represents a significant infrastructure investment with no direct revenue return.
Looking Forward: Will It Work?
The effectiveness of this policy will ultimately be measured by crime statistics. If scam call volumes, phishing attempts, and related fraud decrease in the months following implementation, the policy can claim success. If criminal organizations simply adapt their methods, the regulatory tightening may have achieved little beyond inconveniencing the small minority of legitimate heavy users.
Several factors will influence outcomes:
Enforcement rigor: The policy only works if violations are detected and punished. This requires active monitoring, investigation of suspicious patterns, and willingness to prosecute both mules and the criminals who employ them.
International cooperation: If criminal syndicates shift to foreign SIM cards, Singapore will need agreements with neighboring countries to track and restrict such usage, a diplomatically and technically complex undertaking.
Technology evolution: As communications technology advances—with encrypted messaging apps, virtual phone numbers, and eSIM capabilities—the relevance of traditional SIM card restrictions may diminish, requiring continuous policy adaptation.
Public compliance and support: Success depends partly on public understanding and acceptance. If the policy is seen as reasonable and necessary, compliance will be higher. If viewed as overreach, circumvention attempts may increase.
Conclusion: Trading Freedom for Security
Singapore’s new SIM card limit represents a calculated trade-off: accepting modest restrictions on individual telecommunications freedom in exchange for enhanced collective security against fraud. It reflects the city-state’s characteristic approach to governance—pragmatic, top-down interventions designed to address specific problems, with limited tolerance for the libertarian argument that individuals should be free to register unlimited numbers of communication devices.
For most Singaporeans, this change will pass unnoticed. For the minority it affects, the impact ranges from minor inconvenience to genuine operational constraint. For criminals, it represents another obstacle in an increasingly hostile environment for telecommunications fraud.
Whether this particular measure significantly reduces scam activity remains to be seen. What’s certain is that it reflects a broader commitment to aggressive intervention against fraud—one that prioritizes security outcomes over absolute telecommunications freedom and places the burden of adaptation on both legitimate users and criminals alike.
The ultimate test will come in the months ahead, as implementation begins and both honest users and criminal enterprises adjust to the new reality. The success or failure of this policy will inform not just Singapore’s future anti-scam efforts, but potentially serve as a model—or cautionary tale—for other nations grappling with similar challenges in an increasingly digital age.
- Conclusion
The implementation of a 10-postpaid-SIM limit per customer, effective February 28, 2026, marks a significant milestone in Singapore’s proactive approach to combating telecommunication-enabled scams. By closing a critical loophole in the postpaid registration system, the policy disrupts key logistical pathways used by transnational scam syndicates. While not a panacea, the measure exemplifies the value of targeted, evidence-based regulation in securing digital ecosystems. Its success will depend not only on technical enforcement but also on public cooperation, inter-agency synergy, and ongoing adaptation to the evolving tactics of cybercriminals. As other nations grapple with similar threats, Singapore’s integrated model—balancing security, convenience, and trust—offers a compelling case study in digital governance.
References
Infocomm Media Development Authority (IMDA). (2014). Review of Prepaid Mobile Services Regulation. Retrieved from https://www.imda.gov.sg
Infocomm Media Development Authority (IMDA) & Singapore Police Force (SPF). (2026). Joint Statement on Postpaid SIM Card Ownership Limit. Published January 23, 2026.
Singapore Police Force (SPF). (2025). Annual Crime Brief 2025.
Singapore Police Force (SPF). (2026). Scam Statistics Dashboard. https://www.police.gov.sg/e-services/statistics
Thaler, R. H., & Sunstein, C. R. (2008). Nudge: Improving Decisions About Health, Wealth, and Happiness. Yale University Press.
Dworkin, R. (1985). A Matter of Principle. Harvard University Press.
TRAI (Telecom Regulatory Authority of India). (2023). Regulation on Customer Registration for Mobile Services.
ACMA (Australian Communications and Media Authority). (2022). Mobile Number Limits and Identity Verification.
Today Online Commentary (TOC). (2026). SIM Cap and the Right to Digital Anonymity. January 20, 2026.
International Telecommunication Union (ITU). (2025). Global Cybersecurity Index Report.