Bank OTP frauds on the rise: Here's what govt is doing to tackle it

The govt is currently testing a system that will allow banks to securely track a customer's registered address and geolocation to ensure the secure delivery of OTPs

The Ministry of Home Affairs (MHA), SBI Cards and Payment Services Ltd (SBI Card), and telecom operators have joined forces to develop an innovative solution to alert users about stolen one-time passwords (OTPs), aiming to combat the rising threat of cyber fraud and phishing attacks in the banking sector, reported The Economic Times (ET).

Enhanced OTP security measures

Sources familiar with the matter told ET that the government is currently testing a system that will enable banks to track a customer's registered address and geolocation to ensure OTPs are delivered securely. If there's a discrepancy between the two locations, the customer will be notified of a potential phishing attack.

"The solution is still in the testing phase; it's early days, but the idea is to track the customer's geolocation through telecom data to ensure the OTP is going to the correct area," a senior banker said.

RBI's push for additional authentication

The Reserve Bank of India (RBI) has advocated for an additional layer of authentication for digital payment transactions to combat fraud. However, fraudsters have evolved, finding ways to either deceive customers to obtain OTPs or reroute OTPs to their own devices fraudulently, rendering the second factor of authentication ineffective against cybercrimes.

"In the event of an issue with the OTP delivery location, we can take two actions—either send an alert to the device or block the OTP altogether," another official added.

Real-time verification and triangulation of data

Although the details of the solution are still being finalised with telecom companies, a customer's SIM location can be verified in real time and compared with the geolocation of OTP delivery. Banks also maintain data on customers' addresses, requiring the development of capabilities to triangulate this data in real time, an executive told ET.

"For example, if a customer lives in Bengaluru and the OTP is being delivered in a location in Uttar Pradesh where the person has never been or made recent calls from, indicating they are not traveling there; this is a typical red flag scenario," the banker noted.

Rise in cybercrimes and government response

According to the Indian Cyber Crime Coordination Centre (i4C), cybercriminals siphoned off approximately Rs 10,319 crore between April 2021 and December 2023. Most of these crimes originated from China, Cambodia, and Myanmar, involving non-state actors, said the government body.

As part of i4C, the government launched the 'Citizen Financial Cyber Fraud Reporting and Management System,' which has prevented about Rs 1,200 crore of fraudulent transfers from over 470,000 citizen complaints received by February 2024.

In 2023 alone, the registry received 1.12 million complaints, totaling Rs 7,488 crore of fraudulent transfers, the government body said in February.