PETALING JAYA: Malaysia’s latest move to fight online fraud by limiting users to five SIM cards per telco provider is a “necessary step” but it will not stop criminals from scamming the public, say cyber security experts.
Criminologist Dr Zalmizy Hussin described the SIM card limit as “a good and necessary step”, particularly as online scams become more sophisticated.
“In many fraud cases, phone numbers are the main tool used by scammers to create fake accounts, receive one-time passwords and make scam calls or messages while avoiding easy detection,” he said.
The Malaysian Communications and Multimedia Commission (MCMC) announced on Thursday that each person may only register up to five SIM cards per telco, while tourist-registered SIM cards will be automatically deactivated after three months.
Zalmizy, when contacted, said the move showed that the government wanted to reduce anonymous phone usage and make it harder for syndicates to purchase SIM cards in bulk.
He said stricter control over access to phone numbers increases the risks and costs faced by criminals, but warned that scammers are likely to adapt.
“This measure alone is not enough to completely stop scams because criminals will change their methods, such as using Internet-based applications, foreign numbers or hacking legitimate accounts,” he said.
Zalmizy said the effectiveness of the policy depends on wider systemic reforms, including stronger monitoring of mule bank accounts and closer coordination between banks, telcos and enforcement agencies.
“Limiting SIM ownership is a necessary first step, but scams persist as long as criminals can still move money quickly and hide behind false or temporary identities,” he said.
He pointed to countries such as Singapore and the United Kingdom, where suspicious transactions can be frozen rapidly and artificial intelligence is used to detect suspicious call patterns and block spoofed numbers.
“Ultimately, effective prevention means making every stage of the crime more difficult – from obtaining communication tools to transferring money and concealing identity.
“Limiting SIM cards is a good start, but scams will only decline when crime becomes too risky, too costly and no longer worth doing,” he said.
Cybersecurity expert Fong Choong Fook said the measure involving tourist SIM cards is sensible, as short-term visitors may not require active numbers beyond three months.
However, he questioned whether limiting individuals to five SIM cards per telco would significantly reduce scam activities.
“I’m not sure how this can curb scams. Many syndicates bulk-purchase SIM cards using different names,” he said.
Fong said that telecommunications companies are generally aware of their subscribers’ identities but may not act decisively when numbers are abused.
“Most telcos know their subscribers and the SIM card owners’ identities.
“But when these SIM cards are used for scams, they are not taking aggressive moves to block them,” he claimed.
He likened the situation to scam advertisements on social media platforms.
“It boils down to commercial arrangements,” he said.
