The Indian Ministry of Home Affairs, SBI Cards and Payment Services Ltd (SBI Card), and telecom operators have joined forces to develop an innovative solution aimed at combating the rising threat of cyber fraud and phishing attacks in the banking sector.
The solution, which is currently in its testing phase, enables banks to monitor both the registered address and geolocation of a customer where a one-time password (OTP) is being delivered. If any inconsistency is detected between the two locations, customers will be alerted about a potential phishing attempt.
The Reserve Bank of India (RBI) wanted to implement an additional layer of authentication for digital payment transactions to counter fraud. However, fraudsters have developed sophisticated methods to either steal OTPs from unsuspecting bank customers or divert OTPs to their own devices through fraudulent means, rendering the second factor of authentication ineffective in combating cybercrimes.
In case of any discrepancy in the OTP delivery location, banks can either issue an alert on the device or block the OTP altogether.
The solution is being refined in collaboration with telecom companies, and real-time verification of a customer’s SIM location can be cross-referenced with the geolocation of OTP delivery. Banks also possess customer residence data, necessitating the development of capabilities to triangulate the data in real time.
For example, if a customer resides in Bengaluru but the OTP is being delivered in a location in Uttar Pradesh where they have never been or made recent calls from, indicating they are not travelling there; this would raise a red flag.
According to the Indian Cyber Crime Coordination Centre (i4C), cybercriminals siphoned off as much as Rs 10,319 crore between April 2021 and December 2023. The majority of these crimes were traced back to China, Cambodia, and Myanmar, involving non-state actors.
Under i4C, the government established the ‘Citizen Financial Cyber Fraud Reporting and Management System,’ which has successfully prevented fraudulent transfers totalling about Rs 1,200 crore from over 470,000 citizen complaints received until February 2024. In calendar year 2023 alone, the registry received 1.12 million complaints amounting to Rs 7,488 crore in fraudulent transfers.
