If you’ve ever had that paranoid thought, “Is someone running a scam using a SIM card registered in my name?” You’ve probably used the industry-standard *106# USSD code. It’s a decent tool that Safaricom, Airtel, and Telkom rolled out a while back to help us police our own digital identities.
But the Communications Authority of Kenya (CA) thinks decent isn’t good enough. And I totally agree with them.
In a new tender document released this week, the regulator has effectively declared its intent to build a bolder, centralized, cloud-based ID-to-SIM Card Checker. And after digging through the technical requirements, we have to admit: this isn’t just a government copycat project. It solves the one massive, glaring flaw of the current system.
The problem with *106#
Right now, the *106# system is network-siloed. If you dial *106# on your Safaricom line, you only see Safaricom numbers registered to your ID. To check if fraudsters have registered an Airtel line in your name, you literally need to find an Airtel line to dial the code. If you don’t have a Telkom or Equitel SIM, there’s no easy way to know whether your ID has been used on those networks. You are effectively blind to cross-network identity theft.
The CA’s “one-stop” solution
According to the tender (Number CA/SCM/OT/03/2025-2026), the CA is looking for a service provider to build a system that creates a unified view of your mobile identity.
Here is how the CA envisions this working, and it’s significantly smarter than what we have now:
1. The “universal” short code: Instead of USSD codes that behave differently per carrier, the CA wants a unified SMS short code. You will send your ID number via SMS to this code, and the system will do the heavy lifting.
2. Cross-network polling: This is the killer feature. The system is required to “query all Mobile Network Operators (MNOs) and Mobile Virtual Network Operators (MVNOs) databases” simultaneously. This means a single query will ping Safaricom, Airtel, Telkom, Equitel, and Faiba all at once.
3. A single, grouped report: The tender explicitly demands that the system return “a single SMS with all queried information… grouped by Network Operators”. The expectation here is that you get one text saying: “Safaricom: 0722XXX; Airtel: 0733XXX; Telkom: None.”
The tech stack under the hood
The CA isn’t playing around with the specs. They are asking for a solution that is deployed on the cloud, ensuring high availability and redundancy.
Here are the nerdy specs that caught our eye:
- Throughput: The system must be capable of processing 5,000 SMS per minute. That is a lot of anxious Kenyans checking their status at once.
- Data privacy: The results won’t just dump raw numbers. The system requires “capability to mask portion of the queried data,” likely showing
0722***123to prevent privacy breaches if you mistype an ID number. - MVNO integration: Unlike some current tools that treat MVNOs like Equitel as second-class citizens, this tool mandates integration with all virtual operators.
Is the CA’s ID-to-SIM Card Checker redundant or necessary?
You might argue that the telcos should have just interconnected their *106# databases. But given the competitive nature of the market, a regulator-led “super-database” query tool makes more sense.
The current method relies on you being a customer of a telco to check that telco. The CA’s method treats you as a citizen first, allowing you to audit your identity across the entire telecom landscape in seconds. Also, the tender does not explicitly limit the service to USSD. That opens the door to a web-based portal, API integrations, possibly even integration with eCitizen or digital ID systems, and SMS alerts when a new SIM is registered against your ID.
That would be significantly more advanced than dialing a short code.
When is it coming?
The tender is currently open and closes on Wednesday, March 11, 2026. The winning bidder will have 6 months to complete the project.
So, while *106# is your best friend for today, by late 2026, we might finally have the unified fraud-busting tool we actually need.
What do you think? Is the CA right to step in, or should the Telcos have fixed this themselves? Let us know in the comments.
