Paytm moves Delhi HC claiming telcos not stopping 'phishing' over networks

One97 Communications Ltd, which runs the online payment platform Paytm, has moved the Delhi High Court alleging that telecom service providers are not blocking fraudsters who are defrauding its customers by "phishing" activities over the various mobile networks.

Paytm has claimed that millions of its customers have been defrauded by the phishing activities over the mobile networks and the failure of the telecom companies to prevent the same has "caused financial and reputational loss" to it for which it has sought damages of Rs 100 crore from them.

Phishing is a cybercrime where people are contacted by email, phone calls or text messages by someone posing as a legitimate representative of a organisation to lure them to part with their sensitive data, inlcuding banking and credit card details and passwords.

Paytm , in its petition, has contended that the telecom majors -- Airtel, Reliance Jio, BSNL,MTNL and Vodafone -- are violating their obligations under the Telecom Commercial Communications Customer Preferences Regulations (TCCCPR) 2018 which was notified by the Telecom Regulatory Authority of India (TRAI) to curb problem of unsolicited commercial communications.

Paytm has contended that under the regulations, the telecom companies are required to verify purported telemarketers seeking registration (called registered telemarketers or RTMs) with them before granting access to their customer data and also take action immediately against all fraudulent RTMs.

The petition has contended that the telcos "failure" to undertake proper verification prior to such registration enables fraudulent telemarketers to carry out phisihing activities against customers of Paytm and its associate companies.

It has further contended that under the statutory regime it is the telecom companies responsibility to prevent such fraud and deter the fraudsters through blocking and/or financial disincentives.

Explaining the modus operandi of the fraudsters, Paytm has said that such people or entities get registered with the telecom companies and get assigned themselves headers, like Paytm, PYTM, PTM, IPAYTN, PYTKYC and its derivatives, which are similar to official headers of Paytm -- including BPaytm, FPaytm, PAYTMB, Ipaytm and mPaytm -- and then send messages to its customers for getting their sensitive and private information, including account details and passwords.

The messages usually contain some link which when clicked installs a software on the phone allowing the fraudster to get the customer's financial account details stored on the device, the petition has said.

Some fraudulent RTMs call the customers and seek their private information under the pretext of completing their KYC (know your customer) requirements for making their Paytm wallets operational, it said.

Paytm has sought directions from the court to TRAI to ensure complete and strict implementation of TCCCPR provisions to curb fraudulent unsolicited commercial communications sent over mobile networks and to take action against the telecom companies for violating their obligations to verify telemarketers under the regulations.

It has also sought direction to the Centre to ensure no sim care is sold without proper verification and to establish an inter-agency task force to coordinate action for limiting fraud taking place over telecom networks.

Paytm has alleged that even after violations were brought to the notice of the telecom companies they failed to take prompt action to block the fraudulent RTMs and impose financial disincentives against them.

It has sought a direction to the telecom companies to take effective action under the TCCCPR to block the phone numbers of the telemarketers who are sending unsolicited commercial communications.

Paytm has also claimed that certain TCCCPR provisions provide for action only against those telemarketers who make unsolicited communications in bulk and provide for only graded penalties and had has sought an order declaring such regulations as unconstitutional and ultra vires the TRAI Act.

It has also sought a declaration from the court that under the regulations the telecom companies are obligated to put in place mechanisms to register reports of violations from customers.