Latest news with #MobileNumberValidation
Hindustan Times
2 days ago
- Business
- Hindustan Times
Govt plans mobile number verification for apps, banks
NEW DELHI The move comes as India battles a surge in digital fraud (AFP) The telecommunications department has proposed sweeping new cybersecurity rules that would require digital platforms to verify customer mobile numbers through a government-run system, as the country grapples with rising online fraud. The Department of Telecommunications (DoT) unveiled draft amendments dated Tuesday that would establish a Mobile Number Validation (MNV) platform to check whether phone numbers provided by users actually belong to them - a move that could affect millions of Indians using everything from food delivery apps to digital payment services. India has over 1.16 billion mobile connections and is the world's largest market for digital payments, making it a major target for mobile-based fraud schemes. The proposed rules target what the government calls Telecommunication Identifier User Entities (TIUEs) - essentially any business that uses mobile numbers to identify customers or deliver services, beyond licensed telecom operators. 'A person, other than a licensee or authorised entity, which uses telecommunication identifiers for the identification of its customers or users, or for provisioning and delivery of services,' the notification states. While the notification does not specify examples of TIUEs, a DoT official explained to HT that TIUE covers OTT platforms, banks, among other digital services. 'If the services are using mobile numbers or any other telecom identifier, then they will be covered under TIUE. In other words, this broad definition could include ride-hailing apps like Ola and Uber, food delivery platforms like Zomato and Swiggy, fintech companies, e-commerce sites, and banking apps. While companies can voluntarily request mobile number verification, the rules make it mandatory 'upon a direction from central or state government or an agency authorised by the central or state government.' The move comes as India battles a surge in digital fraud, often through stolen or lost SIM cards that are used to make calls or send messages in phishing and more recently 'digital arrests' rackets. The use of mule SIMs are designed to work around strict KYC norms that was initially thought to be effective against crimes. The draft notification briefly specifies two grounds for the move: 'ensuring telecom cyber security and prevent security incidents'. According to government data, digital frauds have surged in recent years. In March, the government in a submission to Rajya Sabha stated the number of digital arrest scams and related cybercrimes in the country almost tripled between 2022 and 2024, with defrauded amounts skyrocketing by 21 times during the period. Cybersecurity experts are divided on the implications. Sandeep K Shukla, a professor at IIT Kanpur, said the anti-fraud benefits could justify privacy concerns. 'This might hamper privacy to some extent, but if you are claiming a number to be associated with a business, it better be associated with the claimed business,' Shukla told HT. However, Vikram Jeet Singh, a partner at BTG Advaya specialising in internet regulation, raised data protection concerns. 'There are obvious data privacy concerns, and it is not clear what data can be accessed through such a platform. Will it be a simple 'Yes/No' response on validation of a phone number, or can it be used to obtain more personal details of phone users?' Singh questioned. The draft rules propose a tiered pricing system: government entities get free access, while government-directed validation costs ₹ 1.50 per request. Private companies making voluntary requests pay ₹ 3 per validation. Singh warned this could create new costs for consumers. 'On a more mundane (but important) level, this may mean that banks and other service providers start charging their customers for 'MNV validation' costs.' The logistical challenge is immense. 'The MNV database will likely be maintained by creating a record of all active phone numbers in India. Given India has more than 1.5 billion phone numbers, this will not be an easy task in itself,' Singh added. Kazim Rizvi, founding director of The Dialogue, a tech policy think tank, said the proposed amendments could lead to an excessive centralisation of user data, raising concerns about proportionality under the Puttaswamy judgment and 'potentially clashing with the privacy safeguards outlined in the Digital Personal Data Protection (DPDP) Act'. The amendments also target mobile device fraud through stricter IMEI (International Mobile Equipment Identity) controls. Manufacturers must ensure new devices don't reuse IMEI numbers already in use in India's networks. The government will maintain a central database of tampered or blacklisted IMEIs, with second-hand phone sellers required to check this database before any sale - at a cost of 10 rupees per IMEI check. The rules also grant authorities sweeping powers to 'temporarily suspend use of the relevant telecommunication identifier' for both telecom operators and TIUEs if security concerns arise. The proposed rules are open for public consultation for 30 days before implementation. The DoT was not immediately available for comment.
Time of India
3 days ago
- Business
- Time of India
Digital safety: DoT proposes stricter cybersecurity rules; central Mobile Number Validation Platform to combat fraud
The department of telecommunications (DoT) has proposed sweeping changes to India's telecom cybersecurity framework, allowing it to mandate mobile number or identity verification through a centralised government-run platform, as part of efforts to crack down on online fraud and spoofing. Tired of too many ads? go ad free now According to a draft notification of the amended Telecommunications (Telecom Cyber Security) Rules, 2024, the DoT has suggested creating a 'Mobile Number Validation' (MNV) platform that will be accessible to telecom operators and entities such as banks, financial institutions, and e-commerce companies. As per ET, these authorised stakeholders will be allowed to verify users' mobile numbers by paying a prescribed fee. 'With a view to ensuring telecom cyber security and prevent security incidents, the Central Government shall by itself, or through an agency authorised by the Central Government, establish an MNV platform,' the DoT stated in the notification. The government can also direct device manufacturers to assist in identifying tampered phones using duplicate IMEI numbers, and maintain a database of such compromised devices. The platform will offer tiered pricing for verification requests that government-authorised entities can access it at Rs 1.5 per request, while all others will be charged Rs 3 per validation. Notably, under the draft rules, the government can immediately suspend a mobile number without notice if it believes the action is necessary in the public interest. The changes also give law enforcement agencies and authorised government bodies the ability to collect transaction histories involving mobile numbers from non-telecom entities. Tired of too many ads? go ad free now The draft introduces a new category called 'Telecommunication Identifier User Entities' (TIUEs), which includes all businesses and platforms that use mobile numbers to authenticate customers, such as banks verifying UPI-linked numbers. As per news agency PTI, at least one major bank has already begun piloting the MNV system, flagging numbers involved in fraudulent transactions for 90-day deactivation. Once the period ends, the number's history is deleted to prevent issues for future users. The new cybersecurity rules have triggered debate over their broader implications. While experts recognise the importance of enhanced protection, they also point to potential challenges. 'The proposed Telecom Cybersecurity Amendment Rules 2025 represent a strong policy move toward securing India's digital infrastructure,' said Tarun Wig, co-founder and CEO at Innefu Labs, as quoted by ET. However, he warned of 'potential friction around data privacy, integration complexity, and the cost of compliance, especially for smaller digital platforms and startups.' Wig added, 'Operationalising such a system at scale while ensuring minimal disruption and maximum data protection will be a key challenge.' The DoT has invited public comments on the draft rules within 30 days of publication.
&w=3840&q=100)
Business Standard
4 days ago
- Business
- Business Standard
DoT proposes new cybersecurity rules to combat mobile number fraud
The Department of Telecommunications (DoT) has proposed changes to the country's cybersecurity framework to reduce fraud involving the misuse of mobile phone numbers. In a draft proposal released on June 24, the DoT has suggested the creation of a new verification system for mobile numbers. This platform would allow authorised parties, such as telecom operators and licensed entities, to verify whether a number is valid and listed in the database of a recognised operator. The proposed platform, referred to as the Mobile Number Validation (MNV) platform, aims to help organisations — such as banks using mobile numbers for UPI transactions — verify the authenticity of those numbers. Entities using numbers to be classified as TIUE Under the draft rules, organisations that use mobile numbers to identify users or validate transactions will be classified as Telecommunication Identifier User Entities (TIUE). The draft also details the cost of validating numbers using the MNV platform. Government-authorised entities will be charged ₹1.50 per request, while other organisations will pay ₹3 per request. The proposed rules will grant greater powers to government-approved bodies and law enforcement agencies, allowing them to access details of transactions conducted through non-telecom entities. Pilot project already underway A pilot initiative is already in progress, according to PTI sources. At least one bank is testing the new validation process, under which mobile numbers linked to fraudulent activity are flagged. If a number is flagged, it will be deactivated for 90 days. 'The history of the number will automatically get deleted after 90 days so that an individual who procures the same number after 90 days is not impacted,' said a source. The DoT has invited feedback on the proposed changes. Stakeholders have 30 days from the release of the draft to submit their comments. DoT measures to prevent cybercrime Earlier this year, the Ministry of Communications outlined a range of measures taken by the DoT to protect citizens from cybercrime and financial fraud. These included developing a system to detect mobile connections obtained through fake documents and launching the Sanchar Saathi platform — available via web portal and mobile app — which enables users to report fraud, check mobile connections issued in their name, and block stolen devices. Additionally, the Digital Intelligence Platform (DIP) was launched to facilitate information sharing among 540 organisations, including banks, police, and security agencies, to combat misuse of telecom resources. To counter the growing threat of international spoofed calls mimicking Indian numbers, the DoT and telecom service providers have implemented a system to identify and block such calls, which are often linked to scams such as fake digital arrests and impersonation of officials. The Ministry of Home Affairs has also launched the National Cyber Crime Reporting Portal, while the DoT notified the new Telecom Cyber Security Rules and established a Telecom Security Operation Centre (TSOC) to monitor and alert stakeholders about potential threats.
