What Is Subscriber Identity Module (SIM)? Ultimate Guide [2025]

Types of Physical (Plastic) SIM Cards

Full-Size SIM

The full-size SIM, also known as the 1FF (first form factor), was the original SIM card design introduced in the early 1990s. It measured 85.6 mm × 53.98 mm, roughly the size of a credit card. 

Initially, these SIMs were used in the first-generation (1G) and early second-generation (2G) mobile phones, which had large form factors and ample space for such a card. As mobile phones became more compact and portable, the full-size SIM became impractical and is no longer in use today.

Mini-SIM

The mini-SIM, or 2FF (second form factor), was introduced in the late 1990s as a more practical alternative to the full-size SIM. Measuring 25 mm × 15 mm, it significantly reduced the physical size of the SIM while retaining the same chip design. The mini-SIM became the dominant standard for mobile phones in the early 2000s and was widely used in feature phones and early smartphones. 

Many mobile networks and older devices still support mini-SIM cards, though they are gradually being phased out in favor of smaller formats. Despite its reduced size, it maintained the same functionality as its predecessor, allowing secure authentication, network connectivity, and storage for subscriber data.

Micro-SIM

The micro-SIM, or 3FF (third form factor), was developed to address the need for smaller SIM cards as smartphones became more compact and sophisticated. With dimensions of 15 mm × 12 mm, it was introduced in 2010 and first gained widespread adoption with the launch of the iPhone 4. 

The micro-SIM retained the same chip size as the mini-SIM but reduced the surrounding plastic, enabling manufacturers to free up valuable space inside mobile devices. This change was especially beneficial for smartphones that required larger batteries and more internal components. 

Nano-SIM

The nano-SIM, or 4FF (fourth form factor), was introduced in 2012 and is the most widely used physical SIM format today. Measuring just 12.3 mm × 8.8 mm, it eliminated almost all excess plastic, leaving only the essential circuitry. This further reduction in size allowed smartphone manufacturers to optimize device design, making room for larger batteries, improved processors, and more advanced hardware. 

Despite its small form factor, the nano-SIM functions identically to its predecessors, providing secure network authentication and storage for subscriber data. Most modern smartphones, tablets, and other mobile devices now use nano-SIM cards, though the growing adoption of eSIM technology may eventually replace physical SIMs altogether.

Embedded and Integrated SIMs

Today it is increasingly common for SIMs to be built into mobile devices, instead of being provided as a separate plastic card that is inserted into the device. The two main types are embedded SIM and integrated SIM.

Embedded SIM

Unlike traditional SIM cards, which are plastic, removable cards, an embedded SIM is a small, reprogrammable chip soldered directly onto a device’s motherboard. This eliminates the need for a SIM card slot, allowing manufacturers to create slimmer and more water-resistant devices. 

Embedded SIMs are increasingly adopted in smartphones, smartwatches, tablets, and IoT (internet of things) devices due to its convenience, security, and space-saving benefits.

Note: Embedded SIM devices are not to be confused with eSIM, which is a technology that allows SIMs to be remotely provisioned (see SIM Card Functionality below).

Integrated SIM (iSIM)

The integrated SIM, or iSIM, represents the next evolution of SIM technology. Unlike embedded SIMs, which are separate chips soldered onto a device’s motherboard, iSIMs are directly integrated into a device’s main processor. This integration reduces space consumption even further and lowers power usage, useful for IoT devices, smart sensors, and industrial automation. 

iSIM technology simplifies device manufacturing, improves security, and supports remote provisioning, allowing users to manage carrier profiles without needing physical interventions. As the demand for ultra-compact, power-efficient devices grows, iSIMs are expected to play a role in the future of mobile connectivity and embedded communications.

SIM Cards Functionality

Basic SIM Functionality

A SIM card enables a mobile device to make and receive voice calls by authenticating it on a carrier’s network. When a call is initiated, the SIM communicates with the network, verifying the subscriber’s identity and establishing a secure connection. The SIM also manages call routing, ensuring seamless communication between users.

For SMS messaging, the SIM stores necessary subscriber data and interacts with the Short Message Service Center (SMSC) to send and receive text messages. Additionally, SIM cards facilitate mobile data connectivity by providing the necessary authentication credentials for internet access. Network operators can monitor data usage, enforce plan limits, and implement security measures such as encryption and fraud detection to protect subscriber information.

eSIM (Remote SIM Provisioning)

eSIM technology enables remote SIM provisioning (RSP), allowing users to switch between mobile network operators without physically changing a SIM card. This is achieved through a technology called eUICC, which makes it possible to download and manage digital SIM profiles via software. Mobile carriers provide QR codes or apps, allowing users to activate eSIMs remotely.

RSP simplifies connectivity for devices like smartphones, tablets, wearables, and IoT applications by eliminating logistical challenges associated with traditional SIM cards. It also benefits enterprises by allowing centralized management of multiple devices across different networks.

Multi-IMSI SIM

A multi-IMSI SIM can store multiple International Mobile Subscriber Identities (IMSIs), allowing a single SIM to access different mobile networks. This capability is useful for global travelers, IoT deployments, and organizations requiring seamless roaming between carriers. The SIM automatically switches between IMSIs based on predefined rules.

Multi-IMSI SIMs are commonly used in IoT applications, where devices deployed across multiple regions need reliable connectivity without requiring physical SIM replacements. 

Technical Architecture and Data Storage

Physical Components

A SIM card consists of several physical elements that enable its functionality. The core component is the microcontroller unit (MCU), which houses the SIM’s processing capabilities, memory, and security mechanisms. 

A physical SIM chip is embedded in a plastic card with electrical contacts that interface with a mobile device’s SIM slot. These contacts follow standardized configurations to ensure compatibility across devices. In embedded SIMs (eSIMs) and integrated SIMs (iSIMs), the physical form factor is changed, with the SIM functionality directly embedded within the device’s circuitry.

Modern SIM cards also feature integrated security elements, including hardware encryption modules that protect stored data and authentication keys. 

Stored Data Elements

A SIM card stores critical data that enables network authentication and user identification. Key stored elements include:

• International mobile subscriber identity (IMSI): A unique identifier assigned to each subscriber, used by mobile networks to authenticate users.
• Authentication key (Ki): A secret key used alongside the IMSI for secure authentication on the network.
• Integrated circuit card identifier (ICCID): A unique serial number that identifies the SIM card itself.
• Location area identity (LAI): Stores information about the last known registered network location, allowing efficient reconnection to the network.
• Operator-specific data: Includes carrier settings, network preferences, and access control settings that optimize connectivity.
• SMS and contacts storage: While modern smartphones store contacts in cloud-based services, older devices rely on the SIM card for storing a limited number of contacts and text messages.

SIM Application Toolkit (SAT)

The SIM Application Toolkit (SAT) is a set of commands and protocols that allow SIM cards to interact with mobile devices and networks dynamically. SAT enables carriers to offer value-added services, manage SIM functions remotely, and improve user experience without requiring device-side modifications.

Some key functions of SAT include:

• Menu-based services: Provides interactive menus for services such as balance inquiries, mobile banking, and content subscriptions.
• Proactive commands: Enables the SIM to initiate actions like displaying messages, opening network connections, or requesting user input.
• Remote file management: Allows network operators to update SIM card data remotely, such as modifying access settings or deploying security patches.
• Event handling: Supports automatic responses to events like call initiation, location updates, or network registration changes.

SIM Cards and Carrier Relationships

Let’s review three common ways in which mobile carriers use SIM cards to manage customer subscriptions.

SIM-Only Plans

SIM-only plans provide users with a mobile network service without bundling a device. These plans are appropriate for individuals who already own a compatible phone and prefer a flexible, cost-effective option. Unlike traditional carrier contracts that include a subsidized device, SIM-only plans typically offer lower monthly fees and shorter commitments, ranging from month-to-month to annual contracts.

One major advantage of SIM-only plans is their affordability, as users are not paying off the cost of a new device. They also provide greater flexibility, allowing customers to switch plans or carriers more easily. Many mobile network operators offer various SIM-only options, including unlimited data plans, family-sharing plans, and pay-as-you-go options.

Prepaid vs. Postpaid SIM Cards

Prepaid and postpaid SIM cards differ primarily in how users pay for mobile services.

Prepaid SIM cards require users to pay upfront for a set amount of data, calls, and texts. Once the balance is used up, they must top up to continue using services. Prepaid plans offer flexibility and control over spending, suitable for budget-conscious users, travelers, and those who do not require long-term commitments. They are also popular in regions with limited access to credit-based mobile contracts.

Postpaid SIM cards operate on a billing cycle where users receive a monthly invoice based on their chosen plan and any additional usage. These plans often include perks like unlimited data, international roaming, and device financing options. Postpaid SIMs are typically used by individuals who prefer a stable, ongoing mobile service without the need to manually top up. However, they may require credit checks and long-term contracts.

SIM Unlocking and Portability

SIM unlocking and portability are crucial for users who want the freedom to switch between carriers without replacing their devices.

SIM unlocking refers to the process of removing carrier restrictions from a phone, allowing it to be used with different network providers. Many carriers lock phones to their network to prevent customers from switching before fulfilling contract obligations. Unlocking a SIM requires a code or software update from the carrier, and regulations in many countries now mandate that carriers provide unlocking services after a certain period or upon request.

Number portability enables users to retain their phone number when switching carriers. This process, known as mobile number portability (MNP), ensures a seamless transition without losing contact information. Users typically request a porting code from their current provider and submit it to the new carrier, which then transfers the number within a few hours or days.

Notable Security Considerations and Vulnerabilities of SIM Cards

It should be noted that SIM card technology involves several security risks.

Cryptographic Vulnerabilities

SIM cards use cryptographic mechanisms to authenticate users and encrypt communications. However, weaknesses in older encryption algorithms, such as COMP128 used in early GSM networks, have exposed vulnerabilities. Attackers can exploit these flaws to extract authentication keys (Ki) and impersonate subscribers. Modern SIMs use stronger algorithms like AES and MILENAGE, but security risks persist due to backward compatibility in some networks.

Over-the-air (OTA) updates introduce another potential attack vector. If improperly secured, OTA provisioning messages can be intercepted or manipulated, allowing attackers to modify SIM card settings or deploy malicious software. Mobile operators mitigate these risks through secure key exchanges, mutual authentication protocols, and regular security audits.

SIM Cloning

SIM cloning involves duplicating a SIM card by extracting its unique authentication key (Ki) and programming it onto another card. This allows an attacker to make calls, send messages, and access data while appearing as the legitimate subscriber. Cloning is typically achieved through cryptographic attacks on weak encryption algorithms or by physically accessing the SIM.

Older SIM cards using COMP128-1 encryption are particularly vulnerable, as researchers have demonstrated successful key extraction in minutes. Modern SIMs employ stronger encryption, making cloning significantly more difficult. However, targeted attacks remain a concern, especially for high-profile individuals or corporate executives.

SIM Swap Fraud

SIM swap fraud occurs when an attacker convinces a mobile carrier to transfer a victim’s phone number to a new SIM card under their control. This is typically done through social engineering, phishing, or exploiting weak carrier authentication processes. 

Once the swap is completed, the attacker can intercept calls, SMS messages, and one-time passwords (OTPs), enabling them to bypass two-factor authentication (2FA) protections and access financial accounts, social media, and other sensitive services.

Vulnerabilities in Remote Provisioning

Remote SIM provisioning introduces new attack surfaces. Since eSIM profiles can be remotely downloaded and managed, attackers may attempt to hijack provisioning processes to install rogue profiles, intercept data, or disrupt service availability.

Man-in-the-middle (MitM) attacks on provisioning networks could allow adversaries to alter or reroute authentication requests. Additionally, malware targeting eSIM management applications could enable unauthorized provisioning actions. 

Learn more in our detailed guide to eSIM security (coming soon)

5 Best Practices for SIM Card Management in Organizations

Here are some of the ways that organizations can ensure the security and cost-effectiveness of their physical and virtual SIM cards.

1. Safeguarding SIM Information

Protecting SIM card information is essential to prevent unauthorized access, identity theft, and financial fraud. This includes setting up a SIM PIN, which requires entry every time the phone is restarted or the SIM is inserted into a new device. If the wrong PIN is entered multiple times, the SIM locks itself, requiring a PUK (personal unblocking key) to regain access. 

Consumers should store the PUK and ICCID (integrated circuit card identifier) in a secure place, such as a password manager. Additionally, companies should ensure their employees are aware of SIM swap fraud, where attackers impersonate the user to transfer their number to a new SIM, potentially gaining access to banking and social media accounts linked to the phone number. 

To mitigate this risk, admins should enable two-factor authentication (2FA) that does not rely solely on SMS and request additional security layers from their mobile carrier, such as account PINs or biometric authentication.

2. Managing Multiple SIM Devices

For organizations handling multiple SIM-enabled devices, efficient management prevents confusion and unnecessary costs. Labeling SIM cards with details such as the network provider, phone number, or intended usage (i.e., business, data-only) can help in quick identification.

Dual-SIM smartphones allow companies to optimize network usage by assigning different SIMs for calls and data. For example, one SIM can be used for international roaming while another remains on a local plan to reduce costs. 

Business users managing a fleet of company phones or IoT devices should consider mobile device management solutions to monitor usage, enforce security policies, and remotely disable lost or compromised SIMs. Global SIMs that support multiple networks in different countries can be a cost-effective alternative to switching SIMs manually.

3. Choosing the Right SIM for Your Needs

Selecting the appropriate SIM card involves considering factors like network compatibility, coverage, pricing, and usage needs. Traditional physical SIM cards come in nano, micro, and standard sizes, and users should verify their device’s requirements before purchasing. 

With eSIM technology becoming more common, users with compatible devices can enjoy the flexibility of remotely activating and switching between carriers without inserting a physical card. Organizations with frequent travelers may benefit from international or regional SIM cards, which offer lower roaming rates and better coverage abroad. 

Business users who require reliable connectivity for remote work may prefer postpaid SIM plans with unlimited data or premium network access. IoT deployments, such as smart meters, GPS trackers, and connected vehicles, often require specialized M2M (machine-to-machine) SIMs that provide better network reliability, remote management features, and long-term durability.

4. Optimizing SIM Usage in IoT Applications

IoT devices rely on stable and efficient connectivity, making proper SIM management critical. Unlike traditional SIM cards, IoT SIMs are often designed to withstand harsh conditions, support remote provisioning, and switch between multiple networks for better coverage. Organizations deploying IoT solutions should opt for SIMs that allow remote profile updates.

Using multi-network SIMs or global IoT SIMs can improve reliability, especially in industries like logistics, healthcare, and agriculture, where devices operate in different locations with varying network availability. Enterprises should implement SIM management platforms that provide real-time data on usage, connectivity status, and automated alerts for abnormal consumption.

To prevent unnecessary costs, companies should set usage limits, automate alerts for excessive data consumption, and leverage AI-driven analytics to optimize network performance.

5. Data Usage and Performance Monitoring

Monitoring data consumption and network performance helps users and organizations avoid unexpected charges and ensure stable connectivity. Many mobile carriers provide apps or web portals that display real-time data usage, allowing users to track their consumption and stay within plan limits. 

Setting up automated alerts or usage caps can prevent excessive charges, especially on prepaid or limited-data plans. For enterprises managing multiple devices, advanced analytics tools can identify usage trends and optimize data plans accordingly. 

For example, organizations can detect which SIMs consume excessive data and adjust their plans to avoid unnecessary expenses. Network performance monitoring tools can also help diagnose connectivity issues, such as weak signal strength or high latency.