Latest news with #MNV
Time of India
a day ago
- Business
- Time of India
Internet companies say draft telecom cybersecurity rules to extend regulatory oversight, raise costs
NEW DELHI: Internet companies have cautioned that the Department of Telecommunications ' (DoT) proposed Draft Telecommunication (Telecom Cyber Security) Amendment Rules, 2025, could extend regulatory oversight to non-telecom licensed entities and raise costs, which will dent profits and impact ordinary consumers. The industry raised concerns that the proposed telecom cybersecurity amendments exceed the legislative scope of the Telecommunications Act, 2023, by creating a new category of entities – Telecommunication Identifier User Entities (TIUEs) – which cover a wide-range of non-telecom licensed digital service providers , such as e-commerce players, banks, food delivery, streaming, gaming, and others. The new draft rules, in their current form, will apply to all 'telecommunication identifier user entities' (TIUEs), or entities that use phone numbers to identify customers or their transactions. The Internet and Mobile Association of India (IAMAI), in its submission to the telecom department, said that the inclusion of digital businesses under the proposed amendments was in 'violation of the scope of the Telecom Act and amounts to regulatory overreach'. IAMAI further said that the proposed creation of a Mobile Number Validation (MNV) platform and imposition of a verification fee (₹1.5/₹3) could prove to be a 'significant expense and compliance burden for digital businesses'. 'This might lead to increased service costs for end-users and reduced profit margins for businesses, particularly for start-ups and MSMEs (micro, small and medium enterprises) where such costs may be disproportionately felt,' it added. IT industry association NASSCOM , in a letter to Devendra Kumar Rai, joint secretary (telecom), DoT, said one of the most pressing concerns of digital companies is the proposed fee of ₹1.5-3 per verification request via the MNV platform, which is nearly 30 to 60 times higher than the prevailing cost of existing one-time password (OTP)-based verification, which is basically under ₹0.1 per request. 'For platforms handling large transaction volumes or serving cost-sensitive user segments, such a pricing structure is economically unsustainable. Moreover, the lack of clarity on whether the fee applies per user or per transaction further complicates cost projections,' National Association of Software and Service Companies (NASSCOM) said in its letter, dated July 24, 2025. It warned that smaller players, startups, and high-volume platforms will be 'disproportionately impacted', creating barriers to innovation and hindering the government's goals around digital inclusion and ease of doing business. 'This may also discourage small businesses in adoption of verification technologies,' said NASSCOM. The Broadband India Forum (BIF), in its submission, said that the existing mechanisms, such as DoT's ICDR system and CEIR portal enable IMEI registration, verification, and blocking, noting that the draft telecom cybersecurity amendments add a 'duplicative step in IMEI allocation process for OEMs which would interfere with GSMA processes'. 'Do not operationalise the MNV platform, i.e., Rules 7A read with 2(cb) without a clear legal basis, defined purpose and privacy protections. If operationalised, MNV should be voluntary, especially due to the prohibitive costs of compliance impacting innovation and adoption of digital verification tools,' BIF said, adding that the provisions regarding fees should be reconsidered due to the absence of legislative sanction for the same. BIF's members include global Internet and technology giants including Google, Microsoft, Meta Platforms, Netflix, among others.
Hindustan Times
28-06-2025
- Business
- Hindustan Times
Govt plans mobile number verification for apps, banks
NEW DELHI The move comes as India battles a surge in digital fraud (AFP) The telecommunications department has proposed sweeping new cybersecurity rules that would require digital platforms to verify customer mobile numbers through a government-run system, as the country grapples with rising online fraud. The Department of Telecommunications (DoT) unveiled draft amendments dated Tuesday that would establish a Mobile Number Validation (MNV) platform to check whether phone numbers provided by users actually belong to them - a move that could affect millions of Indians using everything from food delivery apps to digital payment services. India has over 1.16 billion mobile connections and is the world's largest market for digital payments, making it a major target for mobile-based fraud schemes. The proposed rules target what the government calls Telecommunication Identifier User Entities (TIUEs) - essentially any business that uses mobile numbers to identify customers or deliver services, beyond licensed telecom operators. 'A person, other than a licensee or authorised entity, which uses telecommunication identifiers for the identification of its customers or users, or for provisioning and delivery of services,' the notification states. While the notification does not specify examples of TIUEs, a DoT official explained to HT that TIUE covers OTT platforms, banks, among other digital services. 'If the services are using mobile numbers or any other telecom identifier, then they will be covered under TIUE. In other words, this broad definition could include ride-hailing apps like Ola and Uber, food delivery platforms like Zomato and Swiggy, fintech companies, e-commerce sites, and banking apps. While companies can voluntarily request mobile number verification, the rules make it mandatory 'upon a direction from central or state government or an agency authorised by the central or state government.' The move comes as India battles a surge in digital fraud, often through stolen or lost SIM cards that are used to make calls or send messages in phishing and more recently 'digital arrests' rackets. The use of mule SIMs are designed to work around strict KYC norms that was initially thought to be effective against crimes. The draft notification briefly specifies two grounds for the move: 'ensuring telecom cyber security and prevent security incidents'. According to government data, digital frauds have surged in recent years. In March, the government in a submission to Rajya Sabha stated the number of digital arrest scams and related cybercrimes in the country almost tripled between 2022 and 2024, with defrauded amounts skyrocketing by 21 times during the period. Cybersecurity experts are divided on the implications. Sandeep K Shukla, a professor at IIT Kanpur, said the anti-fraud benefits could justify privacy concerns. 'This might hamper privacy to some extent, but if you are claiming a number to be associated with a business, it better be associated with the claimed business,' Shukla told HT. However, Vikram Jeet Singh, a partner at BTG Advaya specialising in internet regulation, raised data protection concerns. 'There are obvious data privacy concerns, and it is not clear what data can be accessed through such a platform. Will it be a simple 'Yes/No' response on validation of a phone number, or can it be used to obtain more personal details of phone users?' Singh questioned. The draft rules propose a tiered pricing system: government entities get free access, while government-directed validation costs ₹ 1.50 per request. Private companies making voluntary requests pay ₹ 3 per validation. Singh warned this could create new costs for consumers. 'On a more mundane (but important) level, this may mean that banks and other service providers start charging their customers for 'MNV validation' costs.' The logistical challenge is immense. 'The MNV database will likely be maintained by creating a record of all active phone numbers in India. Given India has more than 1.5 billion phone numbers, this will not be an easy task in itself,' Singh added. Kazim Rizvi, founding director of The Dialogue, a tech policy think tank, said the proposed amendments could lead to an excessive centralisation of user data, raising concerns about proportionality under the Puttaswamy judgment and 'potentially clashing with the privacy safeguards outlined in the Digital Personal Data Protection (DPDP) Act'. The amendments also target mobile device fraud through stricter IMEI (International Mobile Equipment Identity) controls. Manufacturers must ensure new devices don't reuse IMEI numbers already in use in India's networks. The government will maintain a central database of tampered or blacklisted IMEIs, with second-hand phone sellers required to check this database before any sale - at a cost of 10 rupees per IMEI check. The rules also grant authorities sweeping powers to 'temporarily suspend use of the relevant telecommunication identifier' for both telecom operators and TIUEs if security concerns arise. The proposed rules are open for public consultation for 30 days before implementation. The DoT was not immediately available for comment.
The Print
27-06-2025
- Business
- The Print
DoT proposes changes in cyber security rules to curb frauds by misusing phone numbers
The new mechanism will involve a 'MNV platform' that will enable validation by authorised entities and licensees to check whether a mobile number used by an enterprise or users are present in the database of an authorised entity or licensee. The draft cyber security rules published on June 24 proposed to create a new platform for phone number validation and also includes those entities that use phone numbers to identify customers like banks using phone numbers for UPI transactions. New Delhi, Jun 26 (PTI) The Department of Telecom has proposed changes in cyber security rules to curb fraudulent activities that are carried out using mobile phone numbers. The new cyber security rules have terms for entities that use phone numbers to identify customers or their transactions as 'telecommunication identifier user entity' (TIUE). The new rule recommends a price of Rs 1.5 per request for status validation of a mobile number in the database of telecom operated by an entity authorised by centre or state governments. Any other entity will need to pay Rs 3 per request for mobile number validation after the new amendments are in place. DoT has sought comments from interested parties on the draft within 30 days of its publication. The new rules give more power to government authorised agencies or law enforcement agencies to collect details of transactions carried out by a person from non-telecom entities as well. According to sources, a bank has already started a pilot project to test the new mechanism, where it can flag a number that has been involved in fraudulent transactions. The flagged number will be deactivated for a period of 90 days. The history of the number will automatically get deleted after 90 days so that an individual who procures the same number after 90 days is not impacted. PTI PRS DRR This report is auto-generated from PTI news service. ThePrint holds no responsibility for its content.
Time of India
27-06-2025
- Business
- Time of India
Digital safety: DoT proposes stricter cybersecurity rules; central Mobile Number Validation Platform to combat fraud
The department of telecommunications (DoT) has proposed sweeping changes to India's telecom cybersecurity framework, allowing it to mandate mobile number or identity verification through a centralised government-run platform, as part of efforts to crack down on online fraud and spoofing. Tired of too many ads? go ad free now According to a draft notification of the amended Telecommunications (Telecom Cyber Security) Rules, 2024, the DoT has suggested creating a 'Mobile Number Validation' (MNV) platform that will be accessible to telecom operators and entities such as banks, financial institutions, and e-commerce companies. As per ET, these authorised stakeholders will be allowed to verify users' mobile numbers by paying a prescribed fee. 'With a view to ensuring telecom cyber security and prevent security incidents, the Central Government shall by itself, or through an agency authorised by the Central Government, establish an MNV platform,' the DoT stated in the notification. The government can also direct device manufacturers to assist in identifying tampered phones using duplicate IMEI numbers, and maintain a database of such compromised devices. The platform will offer tiered pricing for verification requests that government-authorised entities can access it at Rs 1.5 per request, while all others will be charged Rs 3 per validation. Notably, under the draft rules, the government can immediately suspend a mobile number without notice if it believes the action is necessary in the public interest. The changes also give law enforcement agencies and authorised government bodies the ability to collect transaction histories involving mobile numbers from non-telecom entities. Tired of too many ads? go ad free now The draft introduces a new category called 'Telecommunication Identifier User Entities' (TIUEs), which includes all businesses and platforms that use mobile numbers to authenticate customers, such as banks verifying UPI-linked numbers. As per news agency PTI, at least one major bank has already begun piloting the MNV system, flagging numbers involved in fraudulent transactions for 90-day deactivation. Once the period ends, the number's history is deleted to prevent issues for future users. The new cybersecurity rules have triggered debate over their broader implications. While experts recognise the importance of enhanced protection, they also point to potential challenges. 'The proposed Telecom Cybersecurity Amendment Rules 2025 represent a strong policy move toward securing India's digital infrastructure,' said Tarun Wig, co-founder and CEO at Innefu Labs, as quoted by ET. However, he warned of 'potential friction around data privacy, integration complexity, and the cost of compliance, especially for smaller digital platforms and startups.' Wig added, 'Operationalising such a system at scale while ensuring minimal disruption and maximum data protection will be a key challenge.' The DoT has invited public comments on the draft rules within 30 days of publication.
Time of India
26-06-2025
- Business
- Time of India
DoT plans mobile ID checks to curb cyber fraud
The telecom department has proposed tightening its cybersecurity rules , under which it can now direct telecom operators and other entities like banks, financial institutions, e-commerce players, etc., to verify mobile numbers or identities of users through a centralised platform, in another step to curb online fraud and spoofing. The stakeholders can verify the mobile numbers of users by paying a prescribed fee for using the platform, the Department of Telecommunications (DoT) has proposed in a draft notification to amend the Telecommunications ( Telecom Cyber Security ) Rules, 2024. "With a view to ensuring telecom cyber security and prevent security incidents, the Central Government shall by itself, or through an agency authorised by the Central Government, establish a MNV ( mobile number validation ) platform and issue directions to authorised entities and licensees, as regards the form and manner in which to participate on such platform," DoT said in the draft notification. Play Video Pause Skip Backward Skip Forward Unmute Current Time 0:00 / Duration 0:00 Loaded : 0% 0:00 Stream Type LIVE Seek to live, currently behind live LIVE Remaining Time - 0:00 1x Playback Rate Chapters Chapters Descriptions descriptions off , selected Captions captions settings , opens captions settings dialog captions off , selected Audio Track Picture-in-Picture Fullscreen This is a modal window. Beginning of dialog window. Escape will cancel and close the window. Text Color White Black Red Green Blue Yellow Magenta Cyan Opacity Opaque Semi-Transparent Text Background Color Black White Red Green Blue Yellow Magenta Cyan Opacity Opaque Semi-Transparent Transparent Caption Area Background Color Black White Red Green Blue Yellow Magenta Cyan Opacity Transparent Semi-Transparent Opaque Font Size 50% 75% 100% 125% 150% 175% 200% 300% 400% Text Edge Style None Raised Depressed Uniform Drop shadow Font Family Proportional Sans-Serif Monospace Sans-Serif Proportional Serif Monospace Serif Casual Script Small Caps Reset restore all settings to the default values Done Close Modal Dialog End of dialog window. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like 경고: 이 게임 진짜 중독성 쩔어요. 지금 해봐! Hero Wars 플레이하기 Undo Further, the government can issue directions to phone makers to provide assistance as required in relation to tampered devices bearing International Mobile Equipment Identity (IMEI) numbers. The manufacturers can also be asked not to assign IMEIs that are already in use in telecommunication networks in India, to new telecommunication equipment that are being manufactured in India or imported to India. Live Events As per the draft rules, the Central government shall, either directly or through an agency authorised by it, will maintain a database of IMEIs which are tampered, or whose use has been restricted. If the government considers that immediate action is necessary or expedient in public interest, it shall without issuing a notice, pass an order to the telcos to temporarily suspend the use of a mobile number. "The proposed Telecom Cybersecurity Amendment Rules 2025 represent a strong policy move toward securing India's digital infrastructure. By mandating verification of user identifiers through a centralized government platform, the regulation aims to reduce telecom-related fraud and enhance digital accountability across sectors," Tarun Wig, co-founder & CEO at Innefu Labs said. However, the broader implications include potential friction around data privacy, integration complexity, and the cost of compliance especially for smaller digital platforms and startups. "Operationalizing such a system at scale while ensuring minimal disruption and maximum data protection will be a key challenge," Wig said.
