Expert Guide to Mobile Money Security in Tanzania (2026)

Mobile money is now embedded in everyday life in Tanzania, handling everything from school fees and utility bills to business payments and remittances for both residents and the diaspora. At the same time, regulators report tens of thousands of attempted fraud cases each quarter, driven by social‑engineering scams, SIM swaps and fake SMS messages, even as awareness campaigns begin to reduce successful attacks.

This guide summarises the current scam patterns, the regulatory framework led by the Tanzania Communications Regulatory Authority (TCRA) and the Bank of Tanzania (BoT), the relative security of USSD versus mobile apps, and the practical recovery steps if your wallet or SIM is compromised.

Why mobile money security matters in 2026

• Scale of usage. TCRA’s communications statistics show tens of millions of active SIM cards and mobile money accounts, with mobile payments now central to retail transactions and government services.
• Documented financial losses. The joint Police–NBS Crime and Traffic Incidents Statistics Report recorded over TSh 5.3 billion lost to financial fraud in 2024, with the majority of cases linked to mobile phone and mobile money transactions.
• Fraud trends are evolving, not disappearing. TCRA data shows sharp swings in attempted fraud: a 33 percent jump in mobile money fraud attempts between late 2024 and early 2025 in some districts, followed by a roughly 10–19 percent decline later in 2025 as awareness and reporting improved.
• Regulatory response is tightening. TCRA has enforced biometric SIM registration and national campaigns like Janjaruka and Sitapeliki to promote safer behaviour, while BoT has issued the Financial Consumer Protection Regulations, 2019 and 2025 amendments to make providers responsible for fraud controls and complaint handling.

Current Scams (2025/2026)

“Tuma na hii namba” and social‑engineering SMS

The classic “Tuma na hii namba” scam uses a convincing SMS to trick you into sending money to a different number than the one you agreed with your relative, customer or seller. Messages often look like: “ile hela tuma kwenye namba hii; usipige, spika mbovu” or claim that the original number is unavailable, exploiting urgency and trust.

Why it works technically and socially:

• Trust in context. Fraudsters monitor common scenarios (sending money to family, paying a supplier, buying a product) and send the fake SMS shortly after an authentic conversation, so the victim assumes it is a follow‑up from the same person.
• Reliance on SMS as an “official” channel. Many users still see any SMS carrying a name and number as authoritative, especially when written in familiar Kiswahili and referencing real‑life situations.
• Low verification friction. Calling back to confirm costs time and airtime; many victims skip this step, especially for small or medium transfers, which fraudsters exploit.

TCRA action: Forward suspicious SMS and numbers to the official fraud‑reporting short code 15040 for investigation and possible blocking. TCRA News

SIM swap fraud and account takeover

SIM swap fraud occurs when criminals convince a mobile operator to issue a replacement SIM for your number, then use the new SIM to intercept one‑time passwords (OTPs), reset PINs and drain your mobile money and linked bank accounts.

Recent Tanzanian reports highlight:

• TCRA noting that cyber‑criminals steal identities and authorisation codes to swap SIM cards and access both mobile money and bank accounts.
• A 2025 “Mobile Money Panic” wave of SIM‑swap attacks, where victims received phishing messages claiming “suspicious activity” and were lured into sharing details that enabled account takeovers.

Why SIM swap fraud is effective in Tanzania:

• SMS‑based authentication. Many banks and mobile money providers still rely on SMS OTPs and PIN‑reset codes delivered to the phone number, so control of the SIM often equals control of the wallet or bank account.
• Data leakage and weak KYC handling. Stolen or leaked NIDA numbers, ID photos and personal details allow fraudsters to impersonate customers during SIM replacement.
• Fragmented coordination. Strong collaboration between TCRA, Police cybercrime units and service providers is still developing.

TCRA regulation: SIM Card Registration Regulations, 2020

Fake “reversal” and mistaken‑payment SMS

Fake reversal SMS claim that money was sent to you by mistake or that a previous transaction must be reversed, pressuring you to send funds back. BoT has warned about fraudulent financial messages that appear to confirm incoming funds, then demand “facilitation fees”.

Why fake reversal scams succeed:

• Manual reversal culture. Many users believe that mobile money reversals are handled informally between sender and receiver.
• SMS spoofing and look‑alike formats. Fraudsters copy the layout and wording of genuine mobile money notifications.
• Limited literacy on official reversal processes. Knowledge gaps around official dispute procedures make people vulnerable to social‑engineering narratives.

BoT guidance: Public Notice on Financial Scam Messages

Regulatory Framework

TCRA mandates on biometric SIM registration

Electronic and Postal Communications (SIM Card Registration) Regulations, 2020 require all SIM cards to be registered biometrically using a valid NIDA ID or National Identification Number (NIN) before activation.

Key elements:

• Online fingerprint verification with NIDA during registration
• Aims to eliminate anonymous SIMs and combat fraud
• Multiple verification drives to clean up legacy registrations

Consumer short codes:

• 100 – Official customer‑care number for all operators
• *106# – SIM‑registration self‑check and de‑register unknown numbers
• 15040 – Fraud and spam SMS reporting (toll‑free)

TCRA Official Website

BoT Financial Consumer Protection

Bank of Tanzania (Financial Consumer Protection) Regulations, 2019 (with 2025 amendments):

Core obligations:

• Formal consumer‑protection policy overseen at board level
• Clear disclosure of all fees and risks before transactions
• Internal controls to safeguard customer funds against fraud
• Effective complaints‑handling within mandated timelines

2025 updates:

• Full fee disclosure before electronic transactions
• Data protection aligned with Personal Data Protection Act
• Mobile payment complaints resolved within hours/days

Sema na BoT escalation channels for unresolved complaints.

BoT Consumer Protection

Mobile App vs. USSD

M‑Pesa App: Download – Fingerprint login + tokenisation
Tigo Pesa App: PIN required per transaction
Airtel Money: Via My Airtel app

Recommendation: Apps offer stronger security on secured smartphones; USSD essential for inclusion.

Recovery Protocols

Immediate action (0-30 minutes)

1. Document everything (SMS, transaction IDs, screenshots)
2. Call 100 (official customer care) from any phone
3. Request immediate wallet freeze + SIM block
4. Forward scam SMS to 15040

Legal SIM replacement

Requires:

• Police loss report (within 7 days)
• NIDA ID/NIN + fingerprint verification
• Owner must be physically present at agent

Vodacom SIM swap guide | Police LORMIS portal

Account recovery

1. File formal complaint with provider (branch/app/email)
2. Request fraud investigation + reversal
3. Escalate to Sema na BoT if unresolved

Timeline: Mobile disputes typically resolved in hours/days per BoT rules.

Best Practices (2026)

• Never share PIN – even with “operator staff”
• Verify “Tuma na hii namba” by calling known contact directly
• Check 106#* weekly for unknown SIMs under your NIDA
• Report to 15040 even if no loss occurred
• Diaspora tip: Use apps with biometrics; avoid giving relatives full PIN access

Stay safe! Report suspicious activity immediately via official channels. TCRA and BoT continue strengthening protections, but user vigilance remains essential.