.svg)
The Reserve Bank of India (RBI) has announced a new set of regulatory measures to combat financial fraud being conducted through voice calls and SMS.
The central bank’s new measures, which will be enforced starting March 31, 2025, apply to all payment service providers (PSPs) operating in India, including both banks and non-bank entities.
With the rise in digital transactions, the misuse of customer mobile numbers has become a growing concern in India.
As in other countries, fraudsters are exploiting mobile numbers for account authentication, payment notifications and transaction alerts.
To address this issue, the RBI has mandated the use of the Mobile Number Revocation List (MNRL) service, provided by the Ministry of Communications.
PSPs are required to incorporate this service into their standard operating procedures to clean up customer databases, flag suspicious numbers and enhance fraud monitoring efforts.
The RBI has also made it mandatory for institutions to share verified details of their customer care numbers with the Ministry of Communications for publication on the Sanchar Saathi platform, a government-verified portal.
The aim is to help customers access legitimate support channels and avoid falling victim to scams.
Guidelines for communications
Another key aspect of the safeguards is adherence to the commercial communications guidelines issued by the Telecom Regulatory Authority of India (TRAI).
For example, financial institutions will have to register on the Distributed Ledger Technology (DLT) platform and use designated numbering series: "140" for promotional messages; and "160" for transactional and service communications.
PSPs are also required to register headers, message formats and customer consent records with the TRAI.
These moves sit alongside new data security measures to protect customer information from misuse or potential leaks.
The RBI has emphasised the need for increased consumer awareness, such as legitimate communication formats, trusted helplines and methods to identify fraudulent messages and calls.
Institutions have also been urged to use emails, SMS and other outreach channels, including in regional languages, to educate customers on these safeguards.
The central bank has said that it expects full compliance with these directives by the effective date.
New compliance requirements for PSPs
The new safeguards introduced by the RBI will lead to higher compliance burdens for PSPs operating in India.
They will certainly be an adjustment, albeit a necessary one in times of rampant authorised push payment (APP) fraud that exploits pathways such as SMS.
There is little chance of being out of scope, either. At the start of the circular, the RBI addresses “Chairman/Managing Director/CEOs, All Commercial Banks (including Regional Rural Banks, Small Finance Banks, Payment Banks, and Local Area Banks), All Primary (Urban) Co-operative Banks, State Co-operative Banks, District Central Co-operative Banks, All Prepaid Payment Instrument Issuers, All Non-Banking Financial Companies (including Housing Finance Companies), All Credit Information Companies, All Payment Aggregators, All Payment Systems Participants & Payment System Providers”, and there are few payments organisations that will not be licensed as one of these in the country.
PSPs should prioritise integrating the MNRL into their systems, working closely with the Ministry of Communications to understand the technical and operational requirements.
In addition, PSPs need to complete the DLT registration process with the TRAI. This involves setting up systems to manage message headers, templates and customer consent records in compliance with regulatory standards, ensuring consistent and secure communication practices.
Carrying out a thorough audit of customer communication processes is essential to ensure adherence to TRAI guidelines, and PSPs should verify that all promotional and transactional messages use the designated numbering series and conform to approved formats.
This will help maintain customer trust and reduce the risk of fraud.
Staff training is vital to ensure smooth implementation of these changes, alongside customer education campaigns that promote awareness of legitimate communication formats and help users better identify scams.
The impact on telcos
Telecommunications firms will also play an important role in implementing these safeguards, as they are, of course, the infrastructure providers for the communication channels being targeted by fraudsters.
The mandatory use of DLT platforms, in particular, will trigger additional responsibilities on such organisations to verify and monitor communications from financial institutions.
They will need to ensure that the numbering series "140" and "160" are used appropriately, and will also need to manage the Sanchar Saathi platform, ensuring that all registered customer care numbers from financial institutions are accurate.
This will add another layer of oversight to their operations, and require investment in systems to manage and verify this data.
Adequate cooperation with telecoms firms, regulatory bodies and technology providers is vital for smoothing out the compliance process.
