India’s Department of Telecommunications (DoT) has introduced a significant regulatory measure aimed at bolstering the security of messaging applications. In a move to combat the rising tide of cyber fraud, the DoT now mandates that messaging services operate solely with active SIM cards linked to users’ phone numbers. This initiative is designed to mitigate the misuse of communication platforms that have become increasingly vulnerable to fraudulent activities.
The announcement from the DoT highlights a growing concern: certain app-based communication services have been allowing users to access their features without the necessary Subscriber Identity Module (SIM) present in the device. This loophole has been exploited by fraudsters, particularly those operating from outside India, to perpetrate cyber crimes.
Under the new regulations, popular messaging applications such as WhatsApp, Telegram, Signal, and Snapchat must comply with the SIM-binding rules within a 90-day timeframe. This amendment to the 2024 Telecom Cyber Security Rules is a proactive step to address various fraudulent activities, including phishing schemes and scams, by ensuring that telecom identifiers cannot be misused.
Enhanced Security Measures
One of the key components of the new regulations is the requirement for web sessions to automatically log out after six hours. This measure is intended to close security gaps that have been exploited for large-scale, cross-border fraud. Currently, accounts can remain active even after a SIM card is removed or deactivated, complicating efforts to trace and dismantle fraudulent operations.
The DoT’s statement elaborates on the risks associated with long-lived web sessions, which allow fraudsters to control victims’ accounts from remote locations without needing the original device or SIM. By enforcing periodic re-authentication, the new rules aim to significantly reduce the potential for account takeovers and remote-access misuse. This approach not only enhances security but also increases the detectability of fraudulent activities.
Mandatory SIM-device binding and the requirement for periodic logouts will ensure that every account and web session is tied to a live, KYC-verified SIM. This improvement in traceability is expected to be particularly effective in combating phishing, digital arrests, and scams related to loans and investments. Notably, users who are roaming with their SIMs will not be affected by these new regulations.
As cyber-fraud losses in India reached an alarming ₹22,800 crore in 2024, these Telecom Cyber Security measures represent a crucial step toward restoring trust in digital communication. By extending device-binding practices, which have been successful in the banking sector, to messaging applications, the government aims to create a safer online environment for all users.
