Concerns that scammers may have registered SIM cards using stolen MyKad information have long been valid. Fraudsters have exploited this loophole to activate “mule” SIM cards for scam calls and identity fraud. In 2024, Malaysia recorded 2.98 million scam calls, nearly double the 1.63 million logged in 2023.
Beginning 1 December 2025, this vulnerability is being addressed. Malaysian telecommunications companies are integrating MyDigital ID into their mobile applications in collaboration with the Malaysian Communications and Multimedia Commission (MCMC) and the National Cyber Security Agency (NACSA). The move is intended to curb scams, impersonation and identity misuse by tightening verification for SIM card registration.
Users will now be able to log into their telco apps and view all prepaid numbers registered under their MyKad. Any unfamiliar numbers can be flagged as fraudulent and subsequently blocked. New prepaid registrations will require verification via MyDigital ID, including biometric checks, meaning photocopied ICs will no longer be accepted. Telco apps will also begin offering Single Sign-On via MyDigital ID, removing reliance on passwords or SMS OTPs that are vulnerable to phishing attempts.
NACSA CEO Dr Megat Zuhairy Megat Tajuddin said rollout may differ depending on the provider. Some telcos may adopt one feature initially, others two, with full implementation taking place gradually. He emphasised that the initiative’s core objective is to ensure scammers cannot exploit unverified SIM cards as an entry point for criminal activity.
He also clarified that MyDigital ID does not store user data, monitor activity or collect new information. It only confirms identity against National Registration Department records during login.
Users are encouraged to download the MyDigital ID app if they have not already done so and check their telco apps for the new verification functions, noting that availability may vary depending on the provider.
