DoT proposes new cybersecurity rules to combat mobile number fraud

The Department of Telecommunications has proposed new cybersecurity rules to curb fraud by verifying mobile numbers through a new validation platform and empowering government agencies

The Department of Telecommunications (DoT) has proposed changes to the country's cybersecurity framework to reduce fraud involving the misuse of mobile phone numbers.

 

In a draft proposal released on June 24, the DoT has suggested the creation of a new verification system for mobile numbers. This platform would allow authorised parties, such as telecom operators and licensed entities, to verify whether a number is valid and listed in the database of a recognised operator.

 

The proposed platform, referred to as the Mobile Number Validation (MNV) platform, aims to help organisations — such as banks using mobile numbers for UPI transactions — verify the authenticity of those numbers.

Entities using numbers to be classified as TIUE

Under the draft rules, organisations that use mobile numbers to identify users or validate transactions will be classified as Telecommunication Identifier User Entities (TIUE).

 

The draft also details the cost of validating numbers using the MNV platform. Government-authorised entities will be charged ₹1.50 per request, while other organisations will pay ₹3 per request.

 

The proposed rules will grant greater powers to government-approved bodies and law enforcement agencies, allowing them to access details of transactions conducted through non-telecom entities.

Pilot project already underway

A pilot initiative is already in progress, according to PTI sources. At least one bank is testing the new validation process, under which mobile numbers linked to fraudulent activity are flagged.

 

If a number is flagged, it will be deactivated for 90 days. “The history of the number will automatically get deleted after 90 days so that an individual who procures the same number after 90 days is not impacted,” said a source.   

Massive data breach exposes 16 billion passwords: What should you do? | Cybersecurity

 

The DoT has invited feedback on the proposed changes. Stakeholders have 30 days from the release of the draft to submit their comments. 

Speaking on this, Binoy Koonammavu, Founder & CEO of ValueMentor, said, "Strengthening mobile identity verification through the MNV platform will play as a vital move as it will drastically reduce SIM swap attacks, impersonation, and account takeover which are common enablers of digital payment frauds. Through authenticating users at the telecom level, it blocks burner numbers and protects vulnerable populations from cyber scams."

 

He added, "For organisations, a single-source verification system backed by authoritative “yes” or “no” responses streamlines onboarding and secures high-value transactions. The classification of TIUEs also brings clearer accountability and faster coordination. Features like audit trails and IMEI controls that ban the reuse of old IMEI numbers will help shut down the stolen handset market. The government’s move is a very significant one because it takes care of these concerns."

DoT measures to prevent cybercrime

Earlier this year, the Ministry of Communications outlined a range of measures taken by the DoT to protect citizens from cybercrime and financial fraud. These included developing a system to detect mobile connections obtained through fake documents and launching the Sanchar Saathi platform — available via web portal and mobile app — which enables users to report fraud, check mobile connections issued in their name, and block stolen devices.

 

Additionally, the Digital Intelligence Platform (DIP) was launched to facilitate information sharing among 540 organisations, including banks, police, and security agencies, to combat misuse of telecom resources.

 

To counter the growing threat of international spoofed calls mimicking Indian numbers, the DoT and telecom service providers have implemented a system to identify and block such calls, which are often linked to scams such as fake digital arrests and impersonation of officials.

 

The Ministry of Home Affairs has also launched the National Cyber Crime Reporting Portal, while the DoT notified the new Telecom Cyber Security Rules and established a Telecom Security Operation Centre (TSOC) to monitor and alert stakeholders about potential threats.