India combats mobile fraud with tech-powered solutions

With 117 crore subscribers, India has emerged as the second largest telecom ecosystem in the world. In addition to communication, mobile phones are being used for banking, entertainment, e-learning, healthcare, availing government services etc.

Various frauds such as identity theft, forged KYC, banking frauds can take place by misusing mobile phones. Safety and security of the users is an integral part of Government of India’s vision of Digital India. In tune with this vision, the Sanchar Saathi portal was launched by DOT. This portal has been developed inhouse to prevent frauds

This portal consists of the following modules:

1. CEIR (Central Equipment Identity Register): This module is useful to the user in recovering the lost mobile phone and to check IMEI genuineness before buying a mobile phone.

2. TAFCOP (Telecom Analytics for Fraud Management and Consumer Protection): This module helps the user to know the mobile connections registered in his name and to report fraudulent or unrequited connections.

3. ASTR (Artificial Intelligence and Facial Recognition powered Solution for Telecom Subscriber Verification) - useful to DOT to identify fraudulent subscribers.

The details of the modules are as follows:

CEIR module

This module is developed by CDOT. In case any mobile device is stolen/lost, a user can submit the IMEI (International Mobile Equipment Identity) number of the stolen/lost phone on the portal. Information submitted by the user along with a copy of the police complaint is then verified. The system is integrated with the TSPs (Telecom Service Providers) and LEAs (Law Enforcement Authorities). Once the information is verified, the system blocks the stolen/ lost mobile phone from being used in Indian networks. In case anyone tries to use the stolen/lost phone, the system allows LEAs to trace the phone. When the stolen/lost phone is recovered, the user can unlock the phone on the portal. This module prevents mobile devices with inaccurate or forged IMEIs being used in Indian networks and also facilitates the citizens to check the genuineness of IMEI of their mobile devices.

TAFCOP module

This module is developed by AP LSA. This is based on an AI algorithm that facilitates a mobile user to check the number of mobile connections taken in his/her name using paper-based documents. User enters his/ her mobile number on the portal and authenticates using OTP. The system shows the total connections taken in his/her name using paper-based documents (such as paper-based Aadhar, passport etc.). It also allows reporting by the user connection which is not taken by the user or not required by him/her. After reporting by the user, the system triggers a re-verification process and such connection is terminated.

ASTR module

Mobile connections obtained using fake/forged documents are used for cyber frauds. To curb this menace, this innovative and indigenous solution is developed by Haryana LSA, DOT. This is an AI-powered tool to identify SIMs obtained using fraudulent/ forged documents. ASTR uses techniques of facial recognition and data analytics. This next gen platform can potentially bring down cyber frauds by detecting and blocking possible fraudulent mobile connections. DOT had issued orders to all the TSPs to share the subscriber database including user’s photos with the department. These images constitute the core database on which ASTR is run. Human faces in subscriber’s images are encoded using Convolutional Neural Networks (CNN) in order to account for the tilt and angle of the face, opaqueness and dark colour of the images. After that, a face comparison is carried out for each face against all faces in the database and similar faces are grouped under one directory. Two faces are considered to be identical by ASTR if they match to the extent of at least 97.5 per cent. ASTR is capable of detecting all SIMs issued against a suspected face in less than 10 seconds from a database of one crore images. Once the faces are matched, ASTR’s algorithm uses Fuzzy logic (Fuzzy logic is a mathematical approach that deals with uncertainty and imprecise information. It allows for the representation of vagueness and partial truth, unlike traditional binary logic) to find similarity or approximate matches for the subscriber names. It also accounts for typographical errors while filling CAF (Customer Application Form). This platform:

• Look up if there are more than nine connections against a single individual's photograph. As per DOT norms, not more than nine mobile connections are allowed to work for each individual in India.

• It runs a search through the database to see if the same person has taken SIMs under different names.

In the first phase, connections with paper based KYC were analysed.

Achievements of Sanchar Saathi portal

Using the CEIR module, about 15 lakh mobile phones were blocked based on complaints received about stolen/ lost mobile phones of which about 8 lakh mobile phones have been traced.

Using TAFCOP, about 64 lakh subscribers complained about fraudulent connections registered in their name. 54 lakh complaints have been resolved.

Using ASTR, analysis of more than 114 crore mobile connections was carried out. For this data processing, Param-Siddhi Supercomputer was used. Multiple cases were detected where one photograph was used to obtain hundreds of connections. A total of 66 lakh suspected mobile connections were detected. After due verification 52 lakh connections have been disconnected. Remaining are under process. More than 67,000 Points of Sale (POS) involved in selling such mobile connections have been blacklisted by the TSPs and more than 300 FIRs have been lodged across India. More than 66,000 WhatsApp accounts have been blocked. About 8 lakh bank/wallet accounts used by fraudsters have been frozen. The details of disconnected numbers have been shared with banks, payment wallets and social media platforms for disengaging these numbers with their accounts.

KYC reforms and POS registration reform

In continuation of the above reforms, to foster a digitally inclusive society while maintaining the highest standards of security and customer protection, two reforms were launched by DOT on August 17, 2023:

KYC reforms

1. To prevent misuse of printed Aadhaar, the demographic details will mandatorily be captured by scanning the QR code of printed Aadhaar.

2. In case of disconnection of a mobile number, it will not be allocated to any other new customer till expiry of 90 days.

3. A subscriber has to undertake complete KYC for SIM replacement/ swap and there will be a bar on outgoing and incoming SMS facilities for 24 hours.

4. In addition to thumb impression and iris-based authentication in Aadhaar based E-KYC process, facial based biometric authentication is also permitted.

5. In case of business connections, SIMs will be activated only after complete KYC of end users and physical verification of premises/address.

POS registration reform

This reform introduces the process of mandatory registration of franchisees, agents and distributors by the TSP. This process includes verification of POS. If a POS indulges in any illegal activity, it will be terminated and blacklisted for 3 years. All the existing POS will be registered within 12 months.

Measures to curb the misuse of telecom resources

On March 4, 2024, DOT launched its Digital Intelligence Platform (DIP) to curb the misuse of telecom resources in cyber-crimes and in financial frauds. It also launched the ‘Chakshu’ module on the Sachar Saathi portal to enable citizens to report suspected fraud communication. This module is developed by the Digital Intelligence Unit (DIU) of DOT.

DIP is a secure and integrated platform for real time intelligence sharing, information exchange and coordination among the stakeholders, including TSPs, LEAs, banks and financial institutions, social media platforms, identity document issuing authorities among others. The portal also contains information regarding the cases detected as misuse of telecom resources. It also works as a backend repository for the citizen-initiated requests on the Sanchar Saathi portal for action by the stakeholders. DIP is not accessible to citizens.

‘Chakshu’ module facilitates citizens to report suspected fraud communication received over call, SMS or WhatsApp with the intention of defrauding like KYC expiry or update of bank account/payment wallet/SIM/gas connection/electricity connection, impersonation as a government official for sending money among others. This initiative helps to mitigate the increasing number of cyber frauds in today’s digital era.

TRAIs restriction on porting immediately after SIM swap

To prevent frauds, TRAI has imposed a restriction that if a SIM has been swapped or replaced, the mobile number associated with it will not be allowed to be ported out for a period of 7 days. The UPC (Unique Porting Code) will not be allocated if the request for UPC has been made before the expiry of seven days from the date of SIM swap or replacement. This restriction will come into effect from July 1, 2024.

This restriction is imposed based on the input from DOT. DOT had written to TRAI about criminals/fraudsters porting out mobile connections by way of fraudulent SIM swaps and replacement.

Way forward

User safety is an important part of the Telecom Act. Consumer centric reforms introduced recently by DOT are in the right direction. DOT/TSPs should give wide publicity to CEIR, TAFCOP and Chakshu modules of Sanchar Saathi portal so that maximum users can get benefit out of them. They should also educate the users on how to use these modules. Stolen cases of costly mobile phones are increasing nowadays. Customers should be advised to note down the IMEI number of their mobile phones so that they can submit this number while lodging a complaint in Sanchar Saathi portal, in case of theft/loss of their mobile phones.

SIMs taken on forged documents and in third party’s names are involved in the majority of crimes, taking advantage of anonymity and traceability of these SIMs. The fraudsters are creating fake/forged documents with such advanced techniques that conventional text-based analysis can never catch them. Using ASTR, such fraudulent connections can be detected by DOT. Users should periodically check mobile connections working on their names using the TAFCOP module of Sanchar Sathi portal and report unauthorised connections registered in their name, if any.

As telecom networks are expanding, cyber users are also increasing along with cyber-crimes. Using the Chakshu module, citizens can report suspected fraud communication so that the authorities can take action to prevent frauds. The Chakshu facility does not handle financial frauds or cyber crime cases and the victims should report such cases at cyber-crime helpline number 1930.

Through the 4G saturation project, BSNL will provide 4G services in remote areas and in villages where 4G signal is not available hitherto. It can’t be expected that all the users in these areas will be aware of likely fraud communications they receive through call, SMS or WhatsApp. BSNL should educate the customers on how to report such likely fraud communications in the Chakshu module of Sanchar Saathi portal and how not to fall prey to cyber frauds.

(The author is a former Advisor, Department of Telecommunications (DoT), Government of India)