What Happens When a SIM Swap Fraud Case Reaches Court and Your Audit Trail Isn’t Ready

The subscriber files the case. The operator’s legal team receives the papers. And then begins the process that no compliance team wants to be in the middle of: producing a complete, defensible record of everything that happened at the registration counter on the day of the SIM swap.

If the record exists ,  if the system generated it automatically, permanently, and without the ability to modify it,  the operator has a case to make. If it does not, the operator has a liability to pay.

Courts are now deciding SIM swap fraud cases against telco operators. The precedents are building. And the question they are asking is no longer simply whether fraud occurred. It is whether the operator’s registration process was adequate. Whether the operator took reasonable steps to verify who was standing at the counter. Whether the system enforced those steps, or whether a policy told agents to and hoped for the best.

This post is about what happens when that question is asked and the audit trail is not ready.

The legal cases operators need to know about

In 2025, the Karnataka High Court in India ruled against a telecom operator in a SIM swap fraud case and ordered the payment of damages. The court stated explicitly:

“Verification of a subscriber’s identity before a replacement or issuance of a duplicate SIM is not just an empty formality. It is a critical security measure upon which the financial safety of millions of bank account holders depends.”

 

This is not a technicality. It is the court stating, on record, that operators have a duty of care at the point of SIM swap — and that failing to meet it makes them liable for the consequences.

In Kenya, Safaricom has faced class-action suits from subscribers whose accounts were drained through SIM swap fraud. A Kenyan High Court ruling elevated the stakes further, holding that mobile phone numbers are part of an individual’s digital identity and protected under the right to privacy. What was once a routine telco operational decision — issuing a duplicate SIM — is now a legally consequential act.

In the United States in 2025, T-Mobile was ordered by a California arbitrator to pay $33 million in a SIM swap fraud case involving more than $38 million in stolen assets. The ruling followed a finding that the operator’s processes had failed to adequately protect the subscriber’s account from takeover.

In South Africa, SIM swap fraud accounts for 60% of mobile banking fraud losses — losses that reached $291.5 million in 2024. Litigation against operators is following the volume of incidents.

These are not isolated rulings from distant jurisdictions. They represent a direction of travel in how courts treat operator responsibility for SIM swap fraud. Nigerian operators are not immune to that direction.

What the court actually asks for

When a SIM swap fraud case reaches a regulator or a courtroom, the operator is asked to produce documentation that answers specific questions:

  • Who conducted the SIM swap, and what was their authorisation level?
  • What device was used, and was it an authorised registration device?
  • Where was the swap conducted, and was that location within the agent’s registered zone?
  • What identity was presented, and how was it verified?
  • What was the biometric match score, and what did the system do with it?
  • Was liveness detection applied? Did it pass?
  • Was the transaction routed to eyeballing? If so, who reviewed it and what did they decide?
  • What is the complete state history of the registration — every status change, every action, every decision?

These are not hypothetical questions. They are the evidence chain a court or regulator constructs when determining whether an operator acted with reasonable care. If the system cannot produce these answers — completely, accurately, and with no possibility of post-event modification — the operator cannot mount a defence.

And the absence of a complete record is not a neutral fact. It is itself evidence that the process was inadequate.

The three audit trail failures that expose operators

Most operators have some form of registration logging. The problem is not the existence of logs. It is whether those logs are sufficient for what a court or regulator actually needs.

Three audit trail failures consistently appear in the cases where operators are found liable:

 

Incomplete attribution.

The log records that a SIM swap occurred. It does not record which specific agent completed it, on which specific device, at which specific location. Without attribution at the action level — not just the transaction level — the operator cannot demonstrate that the agent who processed the swap was authorised to do so, was operating within their registered zone, or followed the required verification sequence.

 

Modifiable records.

A log that can be edited after the fact is not evidence. It is a document. Courts understand this. If the audit system allows records to be amended, deleted, or overwritten — by a supervisor, a system administrator, or through a routine data management process — the integrity of those records cannot be established, and the operator cannot rely on them in a dispute.

 

Missing verification outcomes.

The log records that biometrics were captured. It does not record the match score, the AI model version used to produce it, the liveness detection result, or the routing decision that followed. Without these data points, the operator cannot demonstrate that the biometric verification actually met the NCC’s required thresholds — or that it was conducted at all.

What a defensible audit trail requires

A defensible audit trail is not a registration log with a timestamp. It is an append-only, tamper-proof, actor-attributed record of every event in the registration process, from the moment the agent initiates the workflow to the moment the SIM is activated or rejected.

It captures, for every transaction:

  • The agent’s identity and authorisation level
  • The device ID and its registration status at the time of the transaction
  • The GPS coordinates of the transaction and their relationship to the agent’s registered outlet
  • The NIN submitted and the NIMC verification response
  • The biometric match score and the AI model version that produced it
  • The liveness detection result
  • The routing decision — auto-approve, eyeballing, or hard rejection — and why
  • Every state transition the registration went through, with timestamps
  • If eyeballing was triggered: the reviewer’s identity, the images compared, the decision made, and when

And it must be append-only. No record can be modified or deleted after it is written — not by the agent, not by a supervisor, not by a system administrator.

That is the record a court can rely on. That is the record that turns a SIM swap fraud allegation into a defence.

The operator’s position without it

If a subscriber files a case and the operator cannot produce that record, the legal position is straightforward: the operator cannot demonstrate that its registration process was adequate. The court draws the inference it is legally entitled to draw from the absence of evidence.

This is not a theoretical risk. It is the situation operators find themselves in when fraud litigation arrives and the system was not built to produce the record a court needs.

The audit trail is not a reporting feature. It is the operator’s legal defence — and it has to exist before the case is filed, not be assembled in response to it.

 

BioSmartX generates this record automatically.

For every registration. For every SIM swap. For every lifecycle event. The SubscriberAudit table is append-only and tamper-proof. No one inside the operator can modify it. When a regulator or a court asks what happened at the registration counter — the answer is already there.

 

See how BioSmartX builds the audit trail that defends you — request a demo.

more insights

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief

Download Product Brief