SIM Farms and SIM Boxes: The Quiet Drain on A2P Revenue

Generally, A2P can and should be a vessel for growth. But due to persistent gaps and issues, challenges often arise involving A2P that have varying impacts on MNOs. One of these issues, that has become a growing concern for the telecommunications industry, is SIM farms and SIM boxes.

What are they? And why should you care?

A SIM farm refers to a system that uses a large number of SIM cards to send messages at scale, often outside approved A2P routes, and frequently with fraudulent

intent. A SIM box is a device that connects many SIMs through a single connection. Banks of these devices form a SIM farm. The two terms are often used interchangeably. Some distributed SIM farm models even let consumers sell their unused texts through an app, which are then sold down the value chain to enterprises. The result is the same: A2P traffic rides P2P rails, bypassing approved channels and pricing. 

How do they make money?

Fraudsters establish operations where SIMs are cheap, unlimited bundles are common, and registration is considerably weak. By exploiting P2P routes, they deliver at a fraction of A2P costs. Moreover, they add grey routes and cheap bulk SMS. The headline price may look attractive on paper. The risks and revenue loss are anything but. The cost of these activities not only impact MNOs but also enterprises.

Why this threatens A2P:

Revenue leakage and misclassification:

• Messages deliver, but the operator misses termination fees.

• A2P disguised as P2P via SIM farms and local bypass.

Abuse and brand risk:

• Spam and fraud damage trust.

• Phishing/malware exposure for end customers and businesses.

• Reputation risk: brands found using such routes, even unknowingly, can be perceived as complicit which can result in customer loss and severe reputational damage.

Network impact:

• Farms can overload networks, causing congestion and poor user experience.

• They raise security concerns and can even lead to data exposure. 

Legal, compliance, and data protection:

• GDPR penalties can reach €20m or 4% of annual turnover (whichever is higher).

• Standard SIM farms are unlikely to have invested in the maintenance of controls required for compliance.

• Distributed SIM farms are non-compliant by design: app users can access recipient numbers and message content.

• Businesses must:

  • Keep providers’ data protection compliance up to date.

  • Have clear processing agreements with providers.

  • Assume responsibility for lawful processing by their providers.

Failure on any point can expose the business to fines, legal issues, and regulatory challenges.

The cost picture:

• Beyond operational challenges, the financial hit can be significant. In one market view, 1 in 5 MNOs believed they had lost 15–20% of revenue to fraud.

• Farm traffic is typically slower and poor quality, undermining customer experience and increasing further fraud risk.

What works?

A multi-faceted approach is required:

• Next-generation SMS firewall at the edge for real-time identification and blocking of grey-route A2P.

• Active testing to reveal disguised paths before peak periods.

• SIM registration and tariff policy to reduce abuse of unlimited bundles.

• Continuous monitoring, anomaly detection, and incident response.

Want a fast read on recoverable A2P revenue and a plan to eliminate SIM-farm leakage? Talk to NexumTech.