Skip to content
India’s Ministry of Home Affairs, SBI Cards and Payment Services Ltd. (SBI Card), and telecom operators have joined forces to develop an innovative solution to combat the rising threat of cyber fraud and phishing attacks in the banking sector.
Sources familiar with the matter revealed that the government is currently testing a solution that enables banks to monitor a customer’s registered address and geolocation where a one-time password (OTP) is being delivered. Customers will be alerted about a potential phishing attempt if any inconsistency is detected between the two locations.
“The solution is in its testing phase; it’s early days, but the concept is to track the customer’s geolocation via telecom databases and ensure that the OTP is being sent to the correct area,” a senior banker told the Economic Times.
The Reserve Bank of India wanted to implement an additional layer of authentication for digital payment transactions to counter fraud.
However, fraudsters have developed sophisticated methods to either steal OTPs from unsuspecting bank customers or divert OTPs to their own devices through fraudulent means, rendering the second factor of authentication ineffective in combating cybercrimes.
An official explained that in case of any discrepancy in the OTP delivery location, we can take two steps: either issue an alert on the device or block the OTP altogether.
While the specifics of the solution are still being refined in collaboration with telecom companies, real-time verification of a customer’s SIM location can be cross-referenced with the geolocation of OTP delivery. Banks also possess customer residence data, necessitating the development of real-time capabilities to triangulate the data.
“For example, if a customer resides in Bengaluru but the OTP is being delivered in a location in Uttar Pradesh where they have never been or made recent calls from, indicating they are not traveling there, this would raise a red flag,” the banker elaborated.
According to the Indian Cyber Crime Coordination Centre (i4C), cybercriminals siphoned off as much as Rs 10,319 crore between April 2021 and December 2023. The majority of these crimes involved non-state actors and were traced back to China, Cambodia, and Myanmar.
Under i4C, the government established the ‘Citizen Financial Cyber Fraud Reporting and Management System,’ which has successfully prevented fraudulent transfers totaling about Rs 1,200 crore from over 470,000 citizen complaints received until February 2024.
As disclosed by the government body in February, in the calendar year 2023 alone, the registry received 1.12 million complaints amounting to Rs 7,488 crore in fraudulent transfers.
