8 hours ago
Govt plans mobile number verification for apps, banks
NEW DELHI The move comes as India battles a surge in digital fraud (AFP)
The telecommunications department has proposed sweeping new cybersecurity rules that would require digital platforms to verify customer mobile numbers through a government-run system, as the country grapples with rising online fraud.
The Department of Telecommunications (DoT) unveiled draft amendments dated Tuesday that would establish a Mobile Number Validation (MNV) platform to check whether phone numbers provided by users actually belong to them - a move that could affect millions of Indians using everything from food delivery apps to digital payment services.
India has over 1.16 billion mobile connections and is the world's largest market for digital payments, making it a major target for mobile-based fraud schemes.
The proposed rules target what the government calls Telecommunication Identifier User Entities (TIUEs) - essentially any business that uses mobile numbers to identify customers or deliver services, beyond licensed telecom operators.
'A person, other than a licensee or authorised entity, which uses telecommunication identifiers for the identification of its customers or users, or for provisioning and delivery of services,' the notification states.
While the notification does not specify examples of TIUEs, a DoT official explained to HT that TIUE covers OTT platforms, banks, among other digital services. 'If the services are using mobile numbers or any other telecom identifier, then they will be covered under TIUE.
In other words, this broad definition could include ride-hailing apps like Ola and Uber, food delivery platforms like Zomato and Swiggy, fintech companies, e-commerce sites, and banking apps.
While companies can voluntarily request mobile number verification, the rules make it mandatory 'upon a direction from central or state government or an agency authorised by the central or state government.'
The move comes as India battles a surge in digital fraud, often through stolen or lost SIM cards that are used to make calls or send messages in phishing and more recently 'digital arrests' rackets. The use of mule SIMs are designed to work around strict KYC norms that was initially thought to be effective against crimes.
The draft notification briefly specifies two grounds for the move: 'ensuring telecom cyber security and prevent security incidents'.
According to government data, digital frauds have surged in recent years. In March, the government in a submission to Rajya Sabha stated the number of digital arrest scams and related cybercrimes in the country almost tripled between 2022 and 2024, with defrauded amounts skyrocketing by 21 times during the period.
Cybersecurity experts are divided on the implications. Sandeep K Shukla, a professor at IIT Kanpur, said the anti-fraud benefits could justify privacy concerns.
'This might hamper privacy to some extent, but if you are claiming a number to be associated with a business, it better be associated with the claimed business,' Shukla told HT.
However, Vikram Jeet Singh, a partner at BTG Advaya specialising in internet regulation, raised data protection concerns.
'There are obvious data privacy concerns, and it is not clear what data can be accessed through such a platform. Will it be a simple 'Yes/No' response on validation of a phone number, or can it be used to obtain more personal details of phone users?' Singh questioned.
The draft rules propose a tiered pricing system: government entities get free access, while government-directed validation costs ₹ 1.50 per request. Private companies making voluntary requests pay ₹ 3 per validation.
Singh warned this could create new costs for consumers. 'On a more mundane (but important) level, this may mean that banks and other service providers start charging their customers for 'MNV validation' costs.'
The logistical challenge is immense. 'The MNV database will likely be maintained by creating a record of all active phone numbers in India. Given India has more than 1.5 billion phone numbers, this will not be an easy task in itself,' Singh added.
Kazim Rizvi, founding director of The Dialogue, a tech policy think tank, said the proposed amendments could lead to an excessive centralisation of user data, raising concerns about proportionality under the Puttaswamy judgment and 'potentially clashing with the privacy safeguards outlined in the Digital Personal Data Protection (DPDP) Act'.
The amendments also target mobile device fraud through stricter IMEI (International Mobile Equipment Identity) controls. Manufacturers must ensure new devices don't reuse IMEI numbers already in use in India's networks.
The government will maintain a central database of tampered or blacklisted IMEIs, with second-hand phone sellers required to check this database before any sale - at a cost of 10 rupees per IMEI check.
The rules also grant authorities sweeping powers to 'temporarily suspend use of the relevant telecommunication identifier' for both telecom operators and TIUEs if security concerns arise.
The proposed rules are open for public consultation for 30 days before implementation. The DoT was not immediately available for comment.
