Home
+
Published : 04 Jun 2026, 02:00 AM
Blackmarket Biometrics: Inside the Illicit SIM Trade
Black-market boom: A thriving trade in pre-registered SIMs on social media and high streets is completely undermining biometric security
Parallel finance: Crimewaves are being funded by bundled SIMs and fake mobile wallets that allow syndicates to launder cash abroad
Data compromised: Corrupt insiders and data leaks have allowed fraudsters to exploit stolen NID data, even using centenarians' IDs
Retail fraud: Dishonest retail agents are actively duping unsuspecting customers to register extra, unauthorised SIMs for resale
Tech under fire: Experts urge telecom firms to adopt AI tracking and slash the personal SIM card limit to curb epidemic-level scams
The advertisements are hardly hidden.
On Facebook Marketplace, in private groups and at small mobile-phone shops across Bangladesh, SIM cards registered in other people's names are openly bought and sold.
Some come bundled with verified mobile financial service (MFS) accounts. Others are linked to merchant accounts that require trade licences and banking documents.
Ten years after Bangladesh introduced biometric SIM registration, anonymous digital identities remain remarkably easy to obtain.
Law-enforcing officials say criminals have taken full advantage.
Fake social media profiles are created using anonymously registered SIMs. Fraudsters collect money through mobile wallets opened in someone else's name.
Online gambling networks, cybercriminals and organised syndicates use these accounts to collect proceeds and operate behind layers of anonymity.
In theory, every digital transaction leaves a trail. In practice, Bangladesh's thriving market for anonymously registered SIMs and mobile wallets often leaves investigators chasing identities that do not exist.
Law-enforcing officials say the combination of anonymous SIM cards and mobile financial service accounts has created a parallel financial infrastructure that allows criminals to receive, transfer and conceal funds with relative ease.
A Digital Sanctuary for Criminals
Creating a false digital identity is often the first and most important step in cybercrime.
Police say Bangladesh's persistent problem with anonymous SIM registration has made that process far easier than it should be.
According to investigators, such SIMs are used for:
• Hacking victims through malicious links
• Stealing bKash and banking passwords
• Online gambling operations
• Live pornography services
• Advance-payment fraud involving online sales
• Illegal financial transactions
Police say proceeds from many of these crimes are ultimately routed through mobile financial service accounts registered under false identities, further complicating efforts to trace suspects.
The scale of the problem has repeatedly surfaced during police operations.
On Jan 12, Dhaka Metropolitan Police's Detective Branch (DB) arrested eight people, including five Chinese nationals, in Dhaka. Officers recovered 51,261 SIM cards from multiple operators, along with 21 VoIP GSM gateways and other equipment.
Four months later, on May 13, detectives arrested another nine suspects, including six Chinese nationals. Authorities recovered 280 SIM cards and several GSM modules.
According to investigators, the group collected MFS agent SIMs registered under other people's identities from different parts of Bangladesh and connected them to GSM gateway devices, allowing hundreds of SIMs to operate simultaneously.
Police say the group relied heavily on agent SIMs linked to mobile financial service accounts, allowing funds to be received through digital wallets before being moved through wider criminal networks.
The syndicate was also running its own gambling portals and transferring vast sums abroad, particularly to China.
Investigators said mobile wallets served as the first collection point before funds were routed through wider laundering networks.
DB Additional Commissioner Shafiqul Islam said, "The money is reaching them through bKash or Nagad, and they are immediately laundering it overseas."
The problem is not confined to sophisticated international networks.
On Friday, the Rapid Action Battalion (RAB) said it had arrested two members of a train-ticket blackmarketing ring in Jamalpur and recovered 963 SIM cards.
Sold Openly, Online and Offline
Investigators say obtaining such SIMs is often remarkably simple.
According to DB chief Shafiqul, some retail agents exploit customers during registration.
"We have previously arrested SIM sellers and bKash agents involved in these activities. Suppose someone comes to buy a SIM using their biometric data and NID information. The agent may register several additional SIMs using the same details and keep them."
"They later sell those SIMs on the market. Criminals buy them and use them for different illegal activities. But when investigators try to trace them, they find the registration belongs to someone else."
Detectives say anonymous SIMs can be found in mobile-phone shops across the country.
Online, the trade is even more visible.
Over the past two days alone, more than 100 Facebook groups advertising such SIM cards were found. Some groups have more than 10,000 members.
Separate groups specialise in SIMs linked to bKash and Nagad accounts.
Some advertisements offer accounts that have already completed Know Your Customer (KYC) verification, while others market agent and merchant accounts that ordinarily require trade licences and banking documentation.
Accounts registered in women's names often command higher prices.
Sellers also advertise fully verified "bKash KYC SIMs", with prices varying according to the type of account and the perceived value of the registered identity.
One seller, speaking anonymously after being contacted through a Facebook group, said online businesses are major buyers.
Many traders lack the documents required for merchant accounts, he said. Purchasing a readymade merchant SIM gives them greater credibility with customers and often generates higher profits.
Mystery of the Centenarian SIM Buyers
Within Bangladesh's telecommunications industry, anonymous SIM registration has become something of an open secret.
A manager responsible for SIM sales at a mobile operator said the companies rely on Election Commission (EC) verification.
If an NID card is approved by the government database, operators have little authority to reject the registration.
The manager described bizarre cases uncovered by sales staff.
"In just two days in January this year, SIM cards were purchased in seven districts using the NIDs of at least 20 centenarians. Some were 108 years old, some 103. The registrations were approved."
The cases highlight concerns about misuse of identity data rather than weaknesses in biometric technology itself.
How Stolen Identities Feed the Trade
Telecom operators point to a larger problem.
In January, the Criminal Investigation Department arrested two EC computer operators accused of selling citizens' sensitive NID information for Tk 200 to Tk 300 per record.
The CID said that, using compromised credentials, the group accessed information linked to 365,608 national identity cards within just 30 days.
Investigators estimated the operation generated nearly Tk 110 million in illicit earnings in a single month.
Authorities have also reported leaks of biometric information belonging to Bangladeshi citizens.
Police say fingerprints and other personal data are being sold on the dark web and purchased by criminals seeking to create false digital identities.
Asked whether stolen biometric data could be used to obtain SIM cards in Bangladesh, Grameenphone CEO Yasir Azman replied: "Hackers can do many things if they want."
Everyone Points Elsewhere
Telecom operators and MFS providers acknowledge that fraudulent registrations occur.
But each points elsewhere for the root cause.
Yasir said operators do not control the entire system.
"We do not control the whole system. We cannot guarantee what is happening on the other side."
He said operators continue investing heavily in cybersecurity and have even shut down thousands of retail outlets suspected of wrongdoing.
Robi's Chief Corporate and Regulatory Officer Sahed Alam pointed to compromised national identity data.
"We have seen that our national identity data has been compromised. This is a very serious issue."
"If we cannot secure this area, securing other data will not help."
Mobile financial service providers acknowledge that fraudulent registrations remain a challenge despite increasingly sophisticated verification systems. Investigators say such accounts are particularly attractive to criminal networks because they provide an immediate channel for receiving and moving money.
bKash's Chief External and Corporate Affairs Officer retired major general Sheikh Md Monirul Islam blamed dishonest agents.
He said some agents persuade unsuspecting villagers to hand over identity cards, offer them small amounts of money and ask them to stand before a camera.
The victims often have no idea that a mobile wallet has been opened in their name.
"There is no reason for these KYC accounts to end up in the hands of Chinese nationals."
"By opening bKash, Nagad, Upay or Rocket accounts, they are committing financial crimes."
Can Technology Catch Up?
For technology entrepreneur and Bdjobs founder Fahim Mashroor, the industry's explanations are no longer enough.
Speaking at a BTRC seminar, he argued that both telecom operators and financial service providers must shoulder responsibility.
"Online gambling in Bangladesh has reached epidemic proportions over the last 10 to 15 years."
He questioned why individuals are still allowed to hold as many as 10 SIM cards.
More importantly, he said, technology already exists to identify suspicious behaviour.
"AI and modern technologies can be used to identify these suspicious accounts."
"The financial system must take responsibility. It cannot simply shift the burden to CID."
BTRC Vice-Chairman Abu Bakar Siddique agreed that the number of SIMs permitted per person deserves scrutiny.
A senior BTRC official said the limit was reduced from 15 SIMs to 10 in May last year. Regulators are now working to gradually lower it to five, although mobile operators oppose the move.
For now, however, the trade in anonymously registered SIM cards and mobile wallets continues to thrive -- a shadow marketplace where identities are commodities, digital wallets can become conduits for illicit funds, criminal networks remain elusive, and the promise of biometric security remains frustratingly incomplete.
