
India’s Ministry of Home Affairs, along with SBI Cards and Payment Services Ltd (SBI Card) and telecom operators, have joined forces to develop an innovative solution to address the growing threat of cyber fraud and phishing attacks in the banking ecosystem. The solution aims to alert customers about stolen one-time passwords (OTP) and enhance the security of digital payment transactions.
Tracking Registered Addresses and Geolocation
The government is currently testing a solution that enables banks to track the registered address and geolocation of a customer, as well as the location where an OTP is being delivered. By comparing the two locations, any discrepancies can be identified, and customers can be alerted about possible phishing attacks. This solution utilizes the telecom database to track the geolocation of the customer and ensure that the OTP is being delivered to the correct area.
Enhancing Authentication and Preventing Fraud
The Reserve Bank of India had previously mandated an additional factor of authentication for digital payment transactions to combat fraud. However, fraudsters have become increasingly sophisticated in their methods of stealing OTPs or rerouting them to their own devices. As a result, the second factor of authentication has become less effective in combating cybercrimes.
The proposed solution aims to address this issue by allowing banks to take action if there are any issues with the OTP delivery location. They can either send an alert to the customer’s device or block the OTP altogether. This will help prevent fraudulent transactions and enhance the security of digital payments.
Real-Time Verification and Triangulation of Data
To implement this solution, telcos will need to collaborate with banks to verify the real-time SIM location of a customer and match it with the geolocation of OTP delivery. Banks also have their own data on customers’ residences, and the solution will require the development of capabilities to triangulate this data in real-time. By doing so, any suspicious activity, such as OTP delivery to an unfamiliar location, can be flagged as a potential red flag scenario.
The Scale of Cybercrime in India
According to the Indian Cyber Crime Coordination Centre (i4C), cyber criminals siphoned off approximately Rs 10,319 crore between April 2021 and December 2023. Many of these crimes were perpetrated by non-state actors originating from countries such as China, Cambodia, and Myanmar. In response, the government established the Citizen Financial Cyber Fraud Reporting and Management System under i4C, which has successfully prevented around Rs 1,200 crore of fraudulent transfers based on over 470,000 citizen complaints received as of February 2024.
In 2023 alone, the registry received 1.12 million complaints, amounting to Rs 7,488 crore in fraudulent transfers. These numbers highlight the urgent need for robust measures to combat cyber fraud and protect the financial security of individuals and businesses in India.