TRAI issues guidelines to Access Service Providers to prevent misuse of messaging services
Introduction
The Telecom Regulatory Authority of India (TRAI) on 20th August 2024 issued directives requiring Access Service Providers to adhere to the specific guidelines to protect consumer interests and prevent fraudulent activities. TRAI has mandated all Access Service Providers to abide by the directives. These steps advance TRAI's efforts to promote a secure messaging ecosystem, protecting consumer interests and eliminating fraudulent conduct.
Key Highlights of the TRAI’s Directives
- For improved monitoring and control, TRAI has directed that Access Service Providers move telemarketing calls, beginning with the 140 series, to an online DLT (Digital Ledger Technology) platform by September 30, 2024, at the latest.
- All Access Service Providers will be forbidden from sending messages that contain URLs, APKs, OTT links, or callback numbers that the sender has not whitelisted, the rule is to be effective from September 1st, 2024.
- In an effort to improve message traceability, TRAI has made it mandatory for all messages, starting on November 1, 2024, to include a traceable trail from sender to receiver. Any message with an undefined or mismatched telemarketer chain will be rejected.
- To discourage the exploitation or misuse of templates for promotional content, TRAI has introduced punitive actions in case of non-compliance. Content Templates registered in the wrong category will be banned, and subsequent offences will result in a one-month suspension of the Sender's services.
- To assure compliance with rules, all Headers and Content Templates registered on DLT must follow the requirements. Furthermore, a single Content Template cannot be connected to numerous headers.
- If any misuse of headers or content templates by a sender is discovered, TRAI has instructed an immediate ‘suspension of traffic’ from all of that sender's headers and content templates for their verification. Such suspension can only be revoked only after the Sender has taken legal action against such usage. Furthermore, Delivery-Telemarketers must identify and disclose companies guilty of such misuse within two business days, or else risk comparable repercussions.
CyberPeace Policy Outlook
TRAI’s measures are aimed at curbing the misuse of messaging services including spam. TRAI has mandated that headers and content templates follow defined requirements. Punitive actions are introduced in case of non-compliance with the directives, such as blacklisting and service suspension. TRAI’s measures will surely curb the increasing rate of scams such as phishing, spamming, and other fraudulent activities and ultimately protect consumer's interests and establish a true cyber-safe environment in messaging services ecosystem.
The official text of TRAI directives is available on the official website of TRAI or you can access the link here.
References
- https://www.trai.gov.in/sites/default/files/Direction_20082024.pdf
- https://www.trai.gov.in/sites/default/files/PR_No.53of2024.pdf
- https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2046872
- https://legal.economictimes.indiatimes.com/news/regulators/trai-issues-directives-to-access-providers-to-curb-misuse-fraud-through-messaging/112669368
Related Blogs
Introduction
India’s telecom regulator, the Telecom Regulatory Authority of India (TRAI), has directed telcos to block all unverified headers and message templates within 30 and 60 days, respectively, according to a press release. The regulator observed that telemarketers were ‘misusing’ headers and message templates of registered parties and asked telcos to reverify all registered headers & message templates on the DLT (Distributed Ledger Technology) platform. All telecom service providers (TSP) have to comply with these directions, issued under the Telecom Commercial Communication Customer Preference Regulations, 2018, within a month, TRAI said in its release. The directions were issued after TRAI held a meeting with telcos on February 17, 2023, to discuss quality of service (QoS) improvements, review of QoS standards, QoS of 5G services and unsolicited commercial communications”, as per its press release.
Why it matters?
It may be useful as it can ensure that all promotional messages are sent through registered telemarketers using only approved templates. It is no secret that the spam problem has been difficult to rein in, so the measure can restrict its proliferation and filter out telemarketers resorting to misuse.
Details about TRAI’s orders
The release said that telcos have to ensure that temporary headers are deactivated immediately after the time duration for which such headers were created. The telcos also have to ensure that there is no space to insert unwanted content in the template of a message where one can add content to be sent to people. Message recipients should not be confused, so telcos must ensure that they register no lookalike headers in the names of different senders.
Measures to check unregistered telemarketers
The release ordered telcos to bar telemarketers not registered on its DLT platform from accessing message templates and scrubbing them to deliver spam messages to recipients on the telco’s network. The telcos have been directed not to allow promotional messages to be sent by unregistered telemarketers or telemarketers using 10-digit telephone numbers. It added that telcos have to take action against erring telemarketers and share details of these telemarketers with other telcos, which will then be responsible for stopping these entities from sending commercial communications through their networks.
How big is the problem of spam?
A survey conducted by LocalCircles said that two out of every three people (66 per cent) in India get three or more spam calls daily. It added that not one person among thousands of respondents checked the box of ‘no spam’.
The platform said that it was a national survey which gathered over 56,000 responses from Indians located in 342 districts. It also found that 92 % of responders said they continue receiving spam despite opting for DND. The DND list is a feature where mobile subscriber can register their number to avoid getting unsolicited commercial communication (UCC).
Addressing the problem of spam
The regulatory body recently released a consultation paper that proposed the idea of providing the real name identity of callers to people receiving calls. The paper said that it would use a database containing each subscriber’s correct name to implement the caller name presentation (CNAP) service. The regulator wants to use details acquired by telecom service providers via customer acquisition forms (CAF).
TRAI formed a joint committee to look at the issue of phishing and cyber fraud in 2022. It included officials from the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI). The telecom watchdog had laid out a plan to combat SMS and call spam using blockchain technology (DLT). It saw telecom companies and TRAI to build an encrypted and distributed database that will record user consent to be included in SMS or call send-out lists.
According to a press release, the Telecom Regulatory Authority of India (TRAI), the telecom regulator in India, has ordered carriers to block any unverified headers and message templates within 30 and 60 days, respectively.
The regulator saw that telemarketers were “misusing” registered parties’ headers and message templates. Thus, they requested that telecoms validate all of the registered headers and message templates on the DLT (Distributed Ledger Technology) platform.
According to TRAI’s statement, all telecom service providers (TSP) must adhere to these directives within one month under the 2018 Telecom Commercial Communication Consumer Preference Rules. The guidelines were released following a conference with telcos convened by TRAI on February 17, 2023, to discuss quality of service (QoS) enhancements, a review of QoS standards, the QoS of 5G services, and unsolicited commercial communications.
Why it matters?
Requiring that only registered telemarketers send promotional communications using approved templates may prove to be a beneficial safeguard. It is no secret that the spam problem has been challenging to control, so the measure can limit its spread and screen out telemarketers that employ abusive tactics.
Information on the TRAI order
According to the press release, telecoms must ensure that temporary headers are deactivated as soon as the time period they were established has passed. The telecoms must also ensure that there is no room in the message template where one can add content to be sent to recipients for unwanted content. There should be no room for uncertainty among message recipients. Thus, telecoms must ensure that no similar-looking headers are registered under the identities of various senders.
Taking action against unregistered telemarketers In accordance with the directive, telcos must prevent telemarketers who are not registered on their DLT platform from obtaining message templates and using them to send spam to subscribers on their network. Telemarketers who are not registered or who use 10-digit phone numbers cannot send promotional messages, according to instructions given to telecoms. Telcos must take action against misbehaving telemarketers, it was noted, and divulge their information to other telecoms, who would be in charge of preventing these companies from transmitting commercial messages.
How widespread is the spam issue?
According to a LocalCircles poll, three or more spam calls are received every day by two out of every three Indians (66%) on average. It further stated that not a single one of the thousands of responses clicked the “no-spam” box. According to the platform, the survey was conducted nationally and received over 56,000 responses from Indians in 342 districts. Moreover, 92 % of respondents reported that even after choosing DND, they still receive spam. A mobile subscriber can register their number on the DND list to prevent receiving unsolicited commercial communication (UCC).
consultation document recently in which it recommended the concept of providing the genuine name identify of callers to persons receiving calls. The paper indicated that it would employ a database containing each subscriber’s correct name to implement the caller name presentation (CNAP) service. The regulator wants to use information collected by telecom service providers through client acquisition forms (CAF).
Conclusion
TRAI established a joint committee to examine the problem of phishing and cyber scams in 2022. Officials from the Securities and Exchange Board of India (SEBI) and Reserve Bank of India (RBI) were present (SEBI).
The telecom watchdog had outlined a strategy for leveraging blockchain technology to combat SMS and call spam (DLT).
Introduction
The CID of Jharkhand Police has uncovered a network of around 8000 bank accounts engaged in cyber fraud across the state, with a focus on Deoghar district, revealing a surprising 25% concentration of fraudulent accounts. In a recent meeting with bank officials, the CID shared compiled data, with 20% of the identified accounts traced to State Bank of India branches. This revelation, surpassing even Jamtara's cyber fraud reputation, prompts questions about the extent of cybercrime in Jharkhand. Under Director General Anurag Gupta's leadership, the CID has registered 90 cases, apprehended 468 individuals, and seized 1635 SIM cards and 1107 mobile phones through the Prakharna portal to combat cybercrime.
This shocking revelation by, Jharkhand Police's Criminal Investigation Department (CID) has built a comprehensive database comprising information on about 8000 bank accounts tied to cyber fraud operations in the state. This vital information has aided in the launch of investigations to identify the account holders implicated in these illegal actions. Furthermore, the CID shared this information with bank officials at a meeting on January 12 to speed up the identification process.
Background of the Investigation
The CID shared the collated material with bank officials in a meeting on 12 January 2024 to expedite the identification process. A stunning 2000 of the 8000 bank accounts under investigation are in the Deoghar district alone, with 20 per cent of these accounts connected to various State Bank of India branches. The discovery of 8000 bank accounts related to cybercrime in Jharkhand is shocking and disturbing. Surprisingly, Deoghar district has exceeded even Jamtara, which was famous for cybercrime, accounting for around 25% of the discovered bogus accounts in the state.
As per the information provided by the CID Crime Branch, it has been found that most of the accounts were opened in banks, are currently under investigation and around 2000 have been blocked by the investigating agencies.
Recovery Process
During the investigation, it was found out that most of these accounts were running on rent, the cyber criminals opened them by taking fake phone numbers along with Aadhar cards and identity cards from people in return these people(account holders) will get a fixed amount every month.
The CID has been unrelenting in its pursuit of cybercriminals. Police have recorded 90 cases and captured 468 people involved in cyber fraud using the Prakharna site. 1635 SIM Cards and 1107 mobile phones were confiscated by police officials during raids in various cities.
The Crime Branch has revealed the names of the cities where accounts are opened
- Deoghar 2500
- Dhanbad 1183
- Ranchi 959
- Bokaro 716
- Giridih 707
- Jamshedpur 584
- Hazaribagh 526
- Dumka 475
- Jamtara 443
Impact on the Financial Institutions and Individuals
These cyber scams significantly influence financial organisations and individuals; let us investigate the implications.
- Victims: Cybercrime victims have significant financial setbacks, which can lead to long-term financial insecurity. In addition, people frequently suffer mental pain as a result of the breach of personal information, which causes worry, fear, and a lack of faith in the digital financial system. One of the most difficult problems for victims is the recovery process, which includes retrieving lost cash and repairing the harm caused by the cyberattack. Individuals will find this approach time-consuming and difficult, in a lot of cases people are unaware of where and when to approach and seek help. Hence, awareness about cybercrimes and a reporting mechanism are necessary to guide victims through the recovery process, aiding them in retrieving lost assets and repairing the harm inflicted by cyberattacks.
- Financial Institutions: Financial institutions face direct consequences when they incur significant losses due to cyber financial fraud. Unauthorised account access, fraudulent transactions, and the compromise of client data result in immediate cash losses and costs associated with investigating and mitigating the breach's impact. Such assaults degrade the reputation of financial organisations, undermine trust, erode customer confidence, and result in the loss of potential clients.
- Future Implications and Solutions: Recently, the CID discovered a sophisticated cyber fraud network in Jharkhand. As a result, it is critical to assess the possible long-term repercussions of such discoveries and propose proactive ways to improve cybersecurity. The CID's findings are expected to increase awareness of the ongoing threat of cyber fraud to both people and organisations. Given the current state of cyber dangers, it is critical to implement rigorous safeguards and impose heavy punishments on cyber offenders. Government organisations and regulatory bodies should also adapt their present cybersecurity strategies to address the problems posed by modern cybercrime.
Solution and Preventive Measures
Several solutions can help combat the growing nature of cybercrime. The first and foremost step is to enhance cybersecurity education at all levels, including:
- Individual Level: To improve cybersecurity for individuals, raising awareness across all age groups is crucial. This can only be done by knowing the potential threats by following the best online practices, following cyber hygiene, and educating people to safeguard themselves against financial frauds such as phishing, smishing etc.
- Multi-Layered Authentication: Encouraging individuals to enable MFA for their online accounts adds an extra layer of security by requiring additional verification beyond passwords.
- Continuous monitoring and incident Response: By continuously monitoring their financial transactions and regularly reviewing the online statements and transaction history, ensure that everyday transactions are aligned with your expenditures, and set up the accounts alert for transactions exceeding a specified amount for usual activity.
- Report Suspicious Activity: If you see any fraudulent transactions or activity, contact your bank or financial institution immediately; they will lead you through investigating and resolving the problem. The victim must supply the necessary paperwork to support your claim.
How to reduce the risks
- Freeze compromised accounts: If you think that some of your accounts have been compromised, call the bank immediately and request that the account be frozen or temporarily suspended, preventing further unauthorised truncations
- Update passwords: Update and change your passwords for all the financial accounts, emails, and online banking accounts regularly, if you suspect any unauthorised access, report it immediately and always enable MFA that adds an extra layer of protection to your accounts.
Conclusion
The CID's finding of a cyber fraud network in Jharkhand is a stark reminder of the ever-changing nature of cybersecurity threats. Cyber security measures are necessary to prevent such activities and protect individuals and institutions from being targeted against cyber fraud. As the digital ecosystem continues to grow, it is really important to stay vigilant and alert as an individual and society as a whole. We should actively participate in more awareness activities to update and upgrade ourselves.
References
- https://avenuemail.in/cid-uncovers-alarming-cyber-fraud-network-8000-bank-accounts-in-jharkhand-involved/
- https://www.the420.in/jharkhand-cid-cyber-fraud-crackdown-8000-bank-accounts-involved/
- https://www.livehindustan.com/jharkhand/story-cyber-fraudsters-in-jharkhand-opened-more-than-8000-bank-accounts-cid-freezes-2000-accounts-investigating-9203292.html
Tech News overview
Recently, the TRAI has passed some recommendations that benefit the telecommunications industry in India. The suggestion is to lower the entry fees and bank guarantees on the 26th of July 20, 2022. Then wrote a few consulting papers, countering comments by the stakeholders of various companies.
In a significant move, TRAI (Telecom Regulatory Authority of India) has proposed spacious changes in terms of entry fees and bank guarantees in the telecom sector. These endorsements have been abeyant to escort the new era of competition, investment, and innovation, reshaping India’s telecommunication landscape.
Proposal Points by TRAI to telecom companies:
As we dive into considering the recommendations by TRAI into the crucial aspects of the telecom industry, deliberate about the significance of entry fees, the importance of banks, and the guarantees.
- Entry fees: Entry fees are the advance key point that upholds the charges that telecom companies pay to the government when they want to offer services to the civilians of the country. The amount they pay is quite hefty and usually non-refundable.
- Bank guarantee: An important factor that is also a type of security, the financial security that assures the telecom companies to fulfil their financial obligations and follow the regulations and policy conditions specified in their license agreement.
- TRAI roleplay: The Telecom Regulatory Authority of India is an authority responsible for supervising the telecom industry in the country. Making sure that the regulations and recommendations such as entry fees and bank guarantees are working in the proper way or not, a supervision of such things.
- Expected outcomes: TRAI focuses on reducing the entry fees for various types of licenses in the other telecom sector. This step encourages other new telecom operators to enter the market and increase the fair price and investment, which leads to enhancing the competition.
- Consolidating Bank guarantees: TRAI also proposed an amalgamation of bank guarantees, which means telecom companies are required to maintain separate guarantees for different business licenses, which makes business doing sectors an easy environment.
- No entry fee at the time of License Renewal: Recommendations by TRAI by not charging any entry fees when telecom operators renew their licenses. This step can reduce the financial burden on both existing and new entrants,, specifically for UL(VNO)license shareholders.
Reshaping the telecom panorama:
Recommendation by TRAI that can potentially help in reshaping the Telecoms landscape in India in various aspects:
- Increment in healthy Competition: By reducing the entry fees, TRAI would be creating a platform profitable and affordable for new market players in India.
- Market enlargement: Lowering the entry fees might lead to the participation of new entrants, including regional and smaller players,, to get involved in the telecom industry.
- Due to the market expansion, the outcomes can potentially lead to improved access to telecom services in underdeveloped areas and regions and contribute to digital inclusion.
- Job Recruitment: The evolution in the telecom industry due to new operators and increased investment can lead to job uplift in both telecom and industries related to technological infrastructure.
- Choice of preference: As there is a rise in competition, consumers are likely to have many choices when it comes to telecom service providers. The consumers get to select from a wider range of services, leading to better value for money and quality of service.
- Quality of service: With increased competition and a hefty amount of investment, telecom operators have a spur to enhance the quality of service.
Conclusion:
In conclusion, TRAIs proposal on lowering the entry fees and bank guarantee for financial services marks a significant milestone in India’s telecom industry. These essential changes hold the promise of fostering competition, investment, a platform for new entrants, quality of service, wider range of platforms for selection. As these advance suggestions take place, in telecom industry in India is on a new threshold of an existing transformation that could reevaluate the way we communicate and connect.
Reference: