Mandatory registration of corporate SIM cards in Russia is not sufficiently secure as protection from scammers

This act requests that these entities disclose information about themselves and their employees who are using such services as a mandatory condition prerequisite for the provision of mobile telecom services.

The legal entities and the companies of sole traders are now required in particular to disclose information about their users of communication services – the individuals who have been given a corporate SIM card - as well as information about the subscriber numbers allocated to those employees by the mobile telecom operator. This information must be placed in the Unified Subscriber Identification and Authentication System (USIAS) integrated with the official public services portal - GOSUSLUGI. Moreover, information on the name of the subscriber (whether an organization or a sole trader’s company) has also to be entered in the USIAS. This information is to be entered into the system according to the established list and for each telecom operator with whom the subscriber has a contract. Then each employee using a corporate SIM card must confirm the accuracy of this information on the GOSUSLUGI portal.

The legal entities and the companies of sole traders are obliged to submit this information to the USIAS promptly after the conclusion of a contract with their telecom operator - but in any case before they start using the respective services. This statutory requirement gives the operators a possibility to check the information entered into the system before they start executing their contract with the subscriber. If the check detects some missing or inaccurate information, the operator has to notify the subscriber accordingly, giving them a deadline for entering or adjusting that information in the USIAS. Unless the customer submits the required information on its SIM card users within the specified period, the operator shall terminate the contract with this subscriber and discontinue servicing the subscriber numbers previously assigned to that organisation.

The required information had to be disclosed by 30 November of the last year regarding SIM cards purchased before 1 June 2021. Law also says that such cards shall be blocked in case this obligation is not fulfilled.

According to the Russian Ministry of Digital Development, Communications and Mass Media (Mintsifra), more than 20 million corporate SIM cards had been registered in Russia by early December, including equipment (M2M device) cards which are also subject to registration under the new legal requirements. According to analysts, there are approx. 32 million corporate SIM cards in Russia. At the same time, about 2.5 million corporate SIM cards (which is about 1% of the total number of subscribers in Russia) were cancelled by mobile operators due to the introduction of new rules, as per information at the end of December 2021.

The authors of the initiative say that the statutory disclosure requirements were introduced, among other things, to combat phone scammers who use SIM cards registered to legal entities. This scheme gave them an opportunity to gain illegal access to accounts of bank customers, etc., while remaining anonymous. According to legislators, it was supposed to solve this problem and make it easier for law enforcement agencies to identify malefactors through the adoption of an act on statutory registration of corporate SIM cards. Nevertheless, real life has demonstrated that phone scammers continue to threaten millions of Russia’s citizens on a regular basis. More specifically, the Russian Ministry of Internal Affairs states the total damage suffered in Russia from phone fraud was RUB 45 billion during the first 11 months of last year - whereas diverse social surveys found that one in each seven Russian citizens was attacked by phone scammers at some point in time.

An example of these criminal activities is the case that took place in the second half of last year: Several hundreds of mobile numbers were registered to a Novosibirsk company without knowledge of its owners and subsequently used to call people with the aim to find out their bank card details.

The company founder says that fraudsters had entered on behalf of the company into contracts with service providers for corporate SIM cards, forging the signature of the company’s signatory and the company’s stamp - and they had done it in some other regions of Russia different from the Novosibirsk region. Soon afterwards police started calling these Novosibirsk businessmen in follow-up investigations into multiple applications from damaged citizens. Having found out in whose name the SIM cards were registered, law enforcers had traced them back to that Novosibirsk company. Moreover, the businessmen also started receiving multiple complaints from mobile telecom operators because the registered numbers had been actively used, in particular to make international calls, while the concluded contracts envisaged post-payment for the services. As a result, the Novosibirsk company received invoices for several millions of roubles. 

The businessmen complained to police, but the initiation of a penal prosecution was declined because they could not produce some documents and in particular the original contracts with the mobile telecom operators for the servicing of these SIM card. As a result, the company is still facing claims to pay the bills for the provided telecom services.

Furthermore, despite enactment of this new law, a fraudulent scheme has persisted whereby a company registers hundreds or even thousands of corporate SIM cards to its name and then they are distributed free of charge in popular areas of some city (most often in Moscow). After users tops up their card balances and bind their accounts in various applications, including banking applications, to that phone number, the cards are blocked on the company’s request and subsequently restored by reissuance. The users of such “free” SIM cards are thus deprived of a possibility to access their funds.

Thus, despite introduction of the new requirements for mandatory registration of corporate SIM cards, phone fraudsters continue their criminal activities involving use of such cards. More active intervention on the part of the Russian law enforcement agencies is required in this respect – and the mobile phone subscribers who are at risk to fall victim to illegal actions should be more vigilant.