No more OTP frauds? Home Ministry teams up with SBI Cards, telecom operators for innovative solution on stolen one-time passwords

No more OTP frauds? India’s dwelling ministry, SBI Cards and Payment Services Ltd (SBI Card), and telecom operators are collaborating to create a solution that can alert prospects about stolen one-time passwords (OTPs) as half of a bigger initiative to deal with the growing danger of cyber fraud and phishing assaults on the banking system.
According to 2 people acquainted with the matter, the federal government is evaluating a solution that can allow banks to watch a buyer’s registered deal with and the geolocation the place an OTP is being delivered.If there’s a discrepancy between the 2 places, the client might be notified of a possible phishing try, stated an ET report. The solution is at present within the testing part, and the objective is to make use of the telecom database to trace the client’s geolocation and be certain that the OTP is being despatched to the right location.
The Reserve Bank of India had advocated for a further issue of authentication for any digital fee transaction primarily to forestall fraud. However, over time, fraudsters have developed subtle capabilities to both steal OTPs by deceiving unsuspecting financial institution prospects or redirect OTPs to their very own units via fraudulent means, rendering the second issue of authentication ineffective in combating cybercrime.

If there’s a drawback with the OTP supply location, two steps might be taken: both an alert might be displayed on the machine, or the OTP might be blocked completely. While the specifics of the solution are nonetheless being developed with telecom firms, a buyer’s SIM location might be verified in real-time and in comparison with the geolocation of OTP supply. Banks even have their very own information on prospects’ residences, so capabilities will should be developed to triangulate the info in real-time.
Also Read | Getting unsuitable calls from mortgage restoration brokers, unable to hyperlink quantity with checking account? You could have gotten a recycled cell quantity
“For instance, the customer lives in Bengaluru and the OTP is getting delivered in some place in Uttar Pradesh where the person has never been or from where the person has not made any calls recently, which means he or she is not traveling to that place; this is a typical red flag scenario,” a banker stated.
According to the Indian Cyber Crime Coordination Centre (i4C), cyber criminals siphoned off as a lot as Rs 10,319 crore between April 2021 and December 2023. The majority of the crimes originated in China, Cambodia, and Myanmar and concerned non-state actors. Under i4C, the federal government established the ‘Citizen Financial Cyber Fraud Reporting and Management System’, which has prevented roughly Rs 1,200 crore in fraudulent transfers from more than 470,000 citizen complaints obtained till February 2024. In the calendar yr 2023, the registry obtained 1.12 million complaints totaling Rs 7,488 crore in fraudulent transfers.