Indonesia Mandates Biometric SIM Registration to Combat Cybercrime Surge

Indonesia has introduced a mandatory facial recognition requirement for all mobile phone registrations, a sweeping move aimed at dismantling the anonymity used by online fraud syndicates and "scam factories."

Minister of Communication and Digital Affairs Meutya Hafid (center) and Deputy Minister Nezar Patria (left) observe a citizen registering a mobile SIM card using the new biometric facial recognition system at a cellular operator outlet in the Sarinah Building, Jakarta. The mandatory biometric registration is part of a government initiative to combat online fraud and cybercrime. (Photo: Amiri Yandi/InfoPublik/KPM Kemkomdigi)

JAKARTA — Under the newly signed Ministry of Communication and Digital Regulation (No. 7/2026), users must now verify their identity via a biometric face scan linked directly to the national ID database (NIK). The program, dubbed "SEMANTIK," seeks to end the era of disposable "burner" SIM cards that have fueled a nationwide epidemic of phishing and financial fraud.

"Most online scams originate from untraceable numbers," Communication and Digital Minister Meutya Hafid said during the launch at the Sarinah Building on Tuesday. "Biometric registration ensures every number is tied to a valid, accountable identity."

The policy is a significant escalation from the 2014 registration rules, which relied solely on ID numbers—a system that proved vulnerable to the use of leaked databases and fake credentials. By adding a biometric layer, the government aims to curb the misuse of One-Time Passwords (OTPs) and the automated "bot" accounts used in regional scam operations.

While the government frames the move as a protective measure, the mandate raises questions about data security in a country that has faced several high-profile cyberattacks on state databases.

To address these concerns, the regulation explicitly requires telecommunication providers to encrypt biometric data and strictly limits the number of SIM cards a single individual can own. However, digital rights advocates often view such biometric mandates as a double-edged sword that increases state surveillance capabilities.

The biometric push aligns with Jakarta’s broader "doctrine" of treating cybercrime as a national security threat rather than a mere policing issue. By tightening control at the "upstream" level—the point of entry into the digital ecosystem—the government hopes to neutralize the logistical infrastructure of local and regional fraud networks.