BVN, NIN sale as threat to national security

July 30, 2025 by Our Reporter

• By Shuaib S. Agaka

Sir: Just weeks ago, national alarm bells rang over the dangers of SIM recycling—where inactive mobile numbers are reassigned without proper verification, sometimes leading to unauthorized access to bank accounts and sensitive platforms. Now, with the Economic and Financial Crimes Commission (EFCC) revealing that thousands of Nigerian youths are trading Bank Verification Numbers (BVNs) and National Identification Numbers (NINs), a far more disturbing pattern is taking shape: Nigeria’s digital identity infrastructure is dangerously compromised.

The implications are staggering. The country’s cybersecurity framework, already riddled with loopholes, is now showing deeper fractures. Trust—the bedrock of any digital system—is evaporating fast. Ironically, while palliatives are now scarce and heavily guarded, Nigerians’ personal data floats freely across black markets and rogue platforms. The very act of surrendering biometric and personal details to the state—under promises of security and service delivery—has become the gateway to exploitation.

Nigeria’s digital identity architecture is built on three core pillars: the NIN managed by the National Identity Management Commission (NIMC), the BVN under the Central Bank of Nigeria (CBN), and the SIM-NIN linkage enforced by the Nigerian Communications Commission (NCC). Together, these systems were intended to unify identity verification, enhance financial inclusion, curb fraud, and support digital governance.

Read Also: Sanwo-Olu’s wife launches N60m Tinubu’s RHI Agric support

In theory, it’s a sound framework. In practice, however, it’s falling apart.

Corruption and insider leaks have created cracks in what should be secure systems. The EFCC’s finding that over 12,000 youths were caught selling their identities is only the visible tip of a deeper and more institutionalized rot. The black market for digital identities is supplied not just by desperate youth—but also by compromised insiders working within supposedly secure government and financial agencies.

Nigeria must establish a unified digital identity oversight mechanism to harmonize data security standards across NIMC, CBN, NCC, and NDPC. Real-time interoperability and data-sharing protocols must be enforced. Second, all telecoms, fin-techs, and banks should undergo mandatory cybersecurity compliance audits. Institutions found to mishandle user data should face stiff penalties, including license suspensions or financial sanctions. Third, a national public education campaign must be launched to raise awareness about digital identity theft and promote cyber hygiene at the grassroots.

Ultimately, Nigeria’s digital future will not be secured by technology alone. It will be secured by building trust—trust that personal data will be respected, identities protected, and breaches punished. Until then, Nigeria’s digital economy remains a house built on shaky foundations, where the trade of identities is more seamless than access to palliatives, and fraudsters are more empowered than the citizens they exploit.

•Shuaib S. Agaka,

Kano