SIM simply means Subscriber Identity Module.

When SIMs were introduced, the purpose was to contain the user’s identification for the sake of the mobile network.

The small, relatively cheap physical objects were a convenient way of deploying subscriber identities separately from the bulky, expensive phone that may or may not have been supplied by the network operator.

The primary asset on the SIM is the identity of the user; a secondary asset is the cryptographic key that protects it.

You’ll note that this is an asset of the network operator. The user has little incentive in protecting his identity. In practice, the loss of this asset means that the phone has been stolen. The loss of the phone is usually a higher cost than the possible loss of communication credit to the thief.

Over time, phones started to have more and more features. In particular, on basic mobile phones, the SIM tends to contain private data such as an address book. This private data is an asset of the user. With the move towards feature phones and smartphones, the private data escaped the SIM, which went back to containing little more than the subscriber’s identity.

When you boot a basic phone, you’re typically prompted to enter a 4-digit code. That’s authentication for the SIM: basic phones tend not to have any authentication. When you boot a smartphone, it prompts you for its own authentication, and most users don’t bother with a SIM PIN on top.

But, it should be noted that access to the SIM allows the thief to impersonate the user, but only for a limited time, until it is reported stolen. If the thief has an unlocked SIM, he can access the user’s voicemail and SMS history. This is a reason to protect your SIM even in a smartphone, but a weak one for most people: mobile phone theft is predominantly about the value of the phone, also more and more about leveraging smartphone data, but rarely targeted at the victim’s private information. If you’re likely to be targeted for your private data (say, if you regularly negotiate multimillion deals on your phone), you’d better protect your SIM.

An unprotected SIM allows the thief to make phone calls without paying, and most importantly, anonymously. There are two main ways to make anonymous mobile phone calls: with a stolen SIM, if the thief isn’t caught; and with a prepaid SIM, if it is bought anonymously (typically for cash or with a stolen credit card). A stolen SIM is inconvenient for that purpose in that it has a limited useful life (only until the SIM is blacklisted, which the operator can do). If the stolen SIM can go undetected for long enough to be fenced, it is much more valuable, as it makes the link between the SIM and the thief hard to trace.

And so, “the need to lock your phones and SIM cards cannot be over emphasized. It prevents a lot of fraudulent activities including financial losses and impersonation”, according to CyberExperts.ng

Remember, USSD transactions can be carried out by anyone that has access to your sim/phone.

Below are steps you can take to protect your SIM and your phone:

Use screen lock

Many new phones offer a “pattern lock” – a personalised shape or pattern that is drawn on the screen to grant access. However, ensure that the screen is cleaned regularly. If your phone is stolen or lost any finger traces can sometimes be seen and accessed on the screen. Alternatively a PIN code offers an alternative and can also save time. Make your password difficult to crack but memorable for you. The best advice on creating secure passwords is to take the initial letters of a line in a song, play or book, and to make a password from those letters.

You can use remote tracking if you loose your phone. On Android it is called ‘Find my Device’ and on Apple iPhone it is called ‘Find my iPhone’. From here, you can remotely disable your phone if needed.

2. Use SIM card lock

A screen lock is helpful but won’t stop someone removing the SIM card from your phone and using it on another phone. To prevent this from happening, set up a SIM card lock in the form of a PIN number that will need to be entered when a phone is turned on in order to connect to a network.