Indian telcos back in court over fintech fraud

14 July 2020 | Melanie Mingas

Cover

Indian fintech and e-commerce firm Paytm has returned to the high court in Delhi, providing further evidence that an increase in customer fraud attacks is due to the inaction of telcos and their regulator.

The firm has said it doesn’t consider telcos liable for the frauds, but that they have failed to meet their verification obligations under the Telecom Commercial Communications Customer Preference Regulations (TCCCPR).

The case named Reliance Jio, Bharti Airtel, Vodafone Idea, Bharat Sanchar Nigam Limited (BSNL) and Mahanagar Telephone Nigam Limited (MTNL), along with the Telecom Regulatory Authority of India (TRAI).

Effective 1 June, TRAI implemented a blockchain framework to eliminate telemarketing calls. However, Paytm said it has witnessed 560 security incidents since then where its customers were defrauded, with 50% of malicious traffic running through the state-run service provider BSNL.

The complaint was filed in June as part of an ongoing lawsuit between Paytm parent company One97 Communications and the telcos, which alleged “millions” of payment customers have been defrauded as a result of telco non-compliance with TCCCPR since its implementation.

One97 Communications is seeking damages and an order to ensure stricter compliance with TCCCPR provisions. It also wants the numbers of known telemarketers to be blocked and in January produced a list of 3,500 numbers linked to scam callers.

It is also pushing for further ID verification in SIM card sales and a new obligation on the named telcos to introduce mechanisms for customers to report violations.

In its evidence, Paytm said the inaction by telcos and their regulator had contributed to an increase in phishing attacks via text and call by unregistered telemarketers, who use a series of names similar to that of Paytm in order to extract customer information.

Specifically, the fintech and e-commerce platform has witnessed 560 security incidents since 1 June where its customers were defrauded, with 50% of malicious traffic running through the state-run service provider BSNL. In response, Paytm said BSNL “remains the biggest defaulter of TCCCPR provisions”.

The telcos maintain that, Under Section 79 of the IT Act, fraudulent traffic on their networks is beyond their jurisdiction. Reliance Jio has said Paytm is attempting to cover its own security lapses, and that the security issues raised in this case occurred over multiple platforms, including email, OTT channels and Paytm’s own app.

The case continues.