India's battle against scam epidemic: Govt, telcos tackle rising frauds

In this part of the year-end series, we unravel the web of tele-frauds and spams

On a sultry afternoon in August, Bithi Mukherjee, a resident of Kolkata, received a call purportedly from her electricity supplier. The caller informed her that her connection faced imminent shutdown due to outstanding bills. The 72-year-old pleaded with the caller to wait until her daughter returned from office.
 

In impeccable English, the professional voice on the line said that would not be possible, and that a fine and an emergency restoration charge of Rs 35,857 had to be deposited within the next 15 minutes on the company's website via a link sent to her phone.
 

The caller's knowledge of her account details over three months, coupled with the warning of bureaucratic hurdles, prompted Mukherjee into swift payment. Barely 15 minutes after the money was deducted from her account, the line went dead and the website became inaccessible. Subsequent complaints lodged with the Calcutta Electric Supply Company revealed the stark reality: Mukherjee had fallen victim to a clear case of fraud.
 

Mukherjee joined the ranks of millions of Indians grappling with an array of scams in 2023, artificial intelligence (AI)-based voice scams and UPI frauds. Her telecom service provider offered no recourse, citing an inability to investigate fraud cases.

"While the telecommunications department and the Telecom Regulatory Authority of India (Trai) frame policies to combat scam calls and messages, our scope is limited. We lack the capacity to root out every potential scammer. We can only block the number if the consumer complains,” a security expert on the board of a major telecommunications company told Business Standard.

 

India, boasting the world's second-largest mobile subscriber base, grapples with a scam epidemic. A majority of these tele-scams are run from within the country, with Gurugram, Hyderabad and Kolkata emerging as major hubs housing fraudulent call centres with a sizable workforce.
 

These are the urban ‘Jamtaras’, called so after the district in Jharkhand that has come to be identified as the phishing capital of India.
 

The scammers employ an assortment of tactics, often resorting to a combination of spam messages, robocalls and fraudulent links from unregistered numbers. These ploys aim to extract personal information, later sold on the wider internet or causing financial loss.
 

Truecaller's Global Spam Report of 2021 found India to have the fourth highest incidence of spam calls globally, mainly due to a surge in sales and telemarketing calls. Another report from Truecaller, released in November this year, underscored that nearly 9.34 per cent of the 2.1 billion monthly spam calls received by the users in the United States originated from abroad, with four out of five being from India.
 

In an effort to combat cyber fraud, the government mandated biometric and police verifications for SIM card dealers in August. It also announced a new business SIM connection rule requiring companies to disclose their goods and services tax (GST) number, permanent account number (PAN) and income-tax information for bulk SIM purchases. This year, the police discovered SIM box devices in several cities, a mechanism that utilises multiple SIM cards to make automated calls. For harried users, the distinction between scams and spam may blur, yet there are legal disparities. While financial scams through phone calls can be prosecuted as fraud, spam typically does not invite penal consequences.
 

Plugging the spam tsunami
 

Spam is classified as “unsolicited commercial communication” (UCCS), usually sent by unregistered telemarketers (UTMs). Trai classifies any sender of commercial communication, who is not officially registered as a telemarketing partner with telecom companies such as Reliance Jio, Bharti Airtel, Vodafone Idea and BSNL, as UTM.
 

The Telecom Commercial Communications Customer Preference Regulations 2018 (TCCCPR-2018) are the government's main legal arsenal to battle the menace. Telcos are required to act against UTMs by giving a warning, putting them under the “usage caps” for a fixed number of calls and messages per day, or disconnecting services for repeat violations.
 

TCCCPR was issued to effectively end spam calls – a top issue that phone users in the country face. The directive mandated telecom operators to use blockchain-based digital ledger technology (DLT) platforms to curtail spam. These digital systems keep and manage the record of sender IDs and templates and are run by individual telcos.
 

In the prevalent system, customer consent is obtained and maintained by principal entities (PEs) such as banks, financial institutions, insurance companies, trading companies, business entities and real estate companies, among others. The problem often starts when these businesses purchase bulk short messaging services (SMS) from a telemarketer to send SMS texts to their clients and customers.
 

Telemarketers are mandated to be registered on the DLT platforms. But the lack of a unified system has resulted in customers struggling to provide or revoke consent, and telcos unable to take action against telemarketers not registered on their DLTs. As a result, Trai has focused its attention on an AI and machine language (ML)-based tool – the Digital Content Authorisation (DCA). This is to be a unified platform to register, maintain and revoke the consent given by customers for receiving commercial communication from businesses. Mandated by the sector regulator, it will cover all telcos and businesses. 

While Trai's last deadline for telcos to implement the technology passed in mid-2023, it is gradually coming into force. 
 

According to telecom officials, DCA will enable the consent data to be collected on the DLTs quickly. The PEs, however, have dragged their feet. "The government guidelines came months back, and we have intimated the PEs, but many are yet to get back to us," said an official. PEs are unhappy with the new system, which is widely expected to see many users revoking their consent for all kinds of business communication.
 

Trai also runs the National Customer Preference Registry, earlier called the National Do Not Call Registry. Users can register themselves on it to legally opt out of unsolicited commercial communication (UCC). The DND app can be used by consumers to report UCC within three days of receiving it, and telcos are legally bound to take action within 24 hours of the complaint. Within 24 hours of the complaint, telcos are legally bound to ensure all UCCs targeted at the consumer stop.