A viral post on X has reignited concerns about SIM recycling and data privacy in Nigeria’s telecoms and banking ecosystem. The user claimed she purchased a “brand-new” MTN SIM card but immediately began receiving debit alerts from United Bank for Africa (UBA)—despite not being a UBA customer.
Within hours, the incident sparked widespread debate about whether Nigerian telecom operators are reassigning previously used phone numbers without adequate safeguards, exposing new subscribers to financial notifications and sensitive information.
The SIM in question was reportedly issued by MTN Nigeria, the country’s largest telecom operator.
The question raised is simple but consequential: How can a new SIM inherit someone else’s banking alerts?
What Likely Happened: SIM Recycling
This scenario is not unprecedented. It is usually linked to a telecom industry practice known as SIM recycling or number reassignment.
How SIM Recycling Works
• Telecom operators have finite numbering resources.
• If a subscriber line remains inactive for a defined period (often 90–180 days depending on operator policy), it may be deactivated.
• After regulatory and internal waiting periods, the number may be reassigned to a new subscriber.
When this occurs, any third-party service (such as banks, fintech apps, loan platforms, social media accounts, or OTP systems) still linked to the previous owner’s number may continue sending notifications.
The core issue is not that the new SIM is “used.” Rather:
• The number was previously assigned.
• The previous owner did not update their bank or digital service records.
• The bank continues pushing alerts to the registered phone number.
Is This a Common Problem in Nigeria?
Yes—though it is underreported.
1️⃣ Regulatory Context
Nigeria’s telecom sector is regulated by the Nigerian Communications Commission (NCC), which permits number recycling after dormancy thresholds are met.
The NCC requires operators to:
• Observe quarantine periods before reassigning numbers.
• Ensure proper KYC and SIM registration compliance.
However, the regulator does not directly control how banks update customer contact details.
2️⃣ Banking Sector Dynamics
Banks—including UBA and others—send:
• Debit/credit alerts
• OTPs (One-Time Passwords)
• Transaction confirmations
• Loan notifications
If customers fail to update their phone number after:
• SIM loss
• Prolonged inactivity
• Travel abroad
• Line expiration
the bank continues using the last registered number.
This creates a systemic vulnerability when numbers are reassigned.
3️⃣ Documented Cases
Over the past several years in Nigeria:
• Social media reports show recurring complaints of inherited bank alerts.
• Some users have received loan reminders meant for previous owners.
• Others have been locked out of apps because recycled numbers were still tied to fintech accounts.
Consumer protection forums and telecom complaints channels confirm this is not an isolated event.
Globally, number recycling has also caused:
• WhatsApp account takeovers
• Cryptocurrency wallet access attempts
• Mobile banking OTP risks
So while alarming, the issue is structural—not unique to MTN or UBA.
Is It Dangerous?
It can be.
While merely receiving debit alerts does not give the new SIM owner access to the account, risks include:
• Exposure to partial financial data (transaction amounts, merchant names).
• Potential interception of OTPs if banks rely solely on SMS authentication.
• Social engineering risks if malicious actors exploit inherited alerts.
However, most Nigerian banks now require:
• App-based authentication
• PIN verification
• Device binding
• BVN-linked security layers
So access to funds through SMS alone is unlikely.
Still, privacy exposure remains significant.
Who Is Responsible?
The issue lies at the intersection of:
Stakeholder Responsibility
Telecom Operator Proper quarantine and reassignment processes
Bank Prompt updating of customer records
Customer Updating registered phone number after line loss
Regulator Consumer awareness and coordinated safeguards
The systemic gap is that telecom and banking databases do not dynamically cross-check number ownership after reassignment.
What Should Happen Next?
From a policy perspective, this raises important governance questions:
1. Should banks be required to reconfirm phone number ownership periodically?
2. Should number recycling quarantine periods be extended?
3. Should SMS-based alerts be supplemented with mandatory app-based confirmation?
Given Nigeria’s rapid digital financial inclusion growth—especially via mobile-first banking—this issue may become more visible.
What To Do If It Happens To You
If you receive another person’s bank alerts:
1. Contact the bank immediately and notify them.
2. Inform your telecom provider.
3. Do not attempt to access any linked accounts.
4. Document communications for consumer protection escalation if needed.
The viral MTN–UBA incident highlights a structural weakness in Nigeria’s digital ecosystem rather than a single corporate failure. SIM recycling is legal and necessary, but financial institutions must adapt their data hygiene practices to Nigeria’s mobile churn reality.
As Nigeria’s banking and telecom sectors become more technologically sophisticated—a trend you have previously noted strengthens compliance and interoperability—these edge-case vulnerabilities must be proactively addressed to preserve trust in digital finance.
