Telecom companies in India need to implement stringent preventive and punitive measures to counter the menace of online frauds executed through spam SMS or calls, a top Paytm Payments Bank (PPB) executive said on Thursday.
Paytm Payments Bank, which also houses the Paytm wallet, recently filed an FIR against fraudsters.
“Telecom players should act fast to counter the menace of online frauds, where consumers are duped via fake SMSes and calls done on their networks,” Jatinder Thakar, Senior Vice President — Risk Management at Paytm Payments Bank told IANS.
Paytm Payments Bank said it is working closely with the Reserve Bank of India (RBI), Telecom Regulatory Authority of India (TRAI), Ministry of Electronics and Information Technology (MeitY), banks and telcos to ensure that customers do not get duped by fraudsters.
Considering the ways in which fraudsters have deceived customers, a telco that does not take action on fraudulent use of telecom resources is the weakest link and origination point of cyber fraud, the company said.
“Fraudsters are continuing to use the telco platforms to spam millions of telecom users with phishing and other such fraudulent SMSes and calls. Even if 0.01 per cent of this base gets defrauded, it is a huge number, and a loss of hard earned money for these victims, to the tune of lakhs of rupees,” Thakar added.
Fraudsters take advantage of multiple lapses in the processes today, such as the very limited “Know Your Business” process followed by telcos before issuing bulk SMS facility to an organisation/institution/individual. This makes it very easy for fraudsters to register and start sending millions of SMSes in bulk.
In addition, the limited KYC requirements are paper-based KYC despite having the option of digital KYC or video KYC. Moreover, fraudsters can still target most of the customers who have their number in Do Not Disturb (DND) registry of TRAI. Fraudsters can very easily send spoof SMSes from headers like “PYTM” or “PAY TM”, with no challenges, PPB said.
Cybercriminals can also impersonate banks by putting in content like “Your Paytm account will be blocked”, and there is no check on SMS content. Lack of an intelligent system for blocking of issuance of SIM cards to identified fraudsters is another issue, according to the company. Even if a single mobile number of the fraudster is identified, caught and blocked, the fraudster can simply issue a new SIM and start all over again.
“As a first step, the initial due diligence needs to be made more stringent so that telecom resources (bulk SMS and calling facility) are not provided by telcos to fraudsters, and are for a legitimate use,” said Thakar.
“Further, if a customer or a bank files a complaint against fraudulent messages/calls, the telecom service provider should be able to block such fraudsters immediately, and provide their due diligence details to law enforcement agencies immediately for strict action” he added.
On its part, PPB said it has been taking major countermeasures to safeguard user accounts including the use of the latest cybersecurity tools with important updates.
The new feature analyses ‘rogue’ apps such as Teamviewer, Anydesk and Quicksupport on user devices which might trigger fraudulent transactions and advises users to uninstall them.
The bank is also leveraging Artificial Intelligence (AI) to instantly detect suspicious transactions. Depending on the identified threat level of a transaction, the AI either slows it down or completely blocks the payment from getting completed.
The AI has been specifically designed keeping in mind the patterns of the various scams being run by fraudsters and is, therefore, able to combat most attacks on user accounts in real-time, PPB said, adding that the feedback on the new security features has been overwhelmingly positive.
“Our purpose is to build a trusted digital payments ecosystem and prevent customers from getting duped by such frauds. When an individual customer loses money through these frauds, it adversely impacts the growth and trust in digital payments. Telcos are the most important stakeholder, as their channel is used to proliferate these frauds, need to expedite their actions to stop such fraudulent activities,” Thakar said.