India’s Department of Telecommunications (DoT) has mandated that messaging apps must only function with an active SIM card linked to the user’s mobile number. This new requirement targets popular platforms like WhatsApp, Telegram, and Signal, which must comply within 90 days.
The initiative is part of an amendment to the Telecommunications Cyber Security Rules, aimed at combating cyber fraud, including phishing and scams, by ensuring that each messaging account corresponds with a verified mobile number (TIUE). The DoT emphasizes that this SIM-binding rule addresses significant security vulnerabilities exploited by fraudsters, who previously could keep accounts active even after the associated SIM was deactivated or transferred abroad.
In its recent statement, the DoT noted, “Accounts on instant messaging and calling apps continue to work even after the associated SIM is removed, allowing anonymous scams.” Such persistent accounts enable criminals to manipulate victims’ information from distant locations, complicating traceability efforts.
To counter these issues, the directive includes provisions to bind app-based communication services to the SIM card in use. It also mandates that users be logged out of web sessions every six hours, requiring them to re-link their accounts via a QR code. This frequent re-authentication not only reduces the risk of account takeovers but also imposes additional hurdles for malicious actors attempting to access users’ accounts without authorization.
The DoT further indicated that these measures will tie every active messaging account and its web sessions to a Know Your Customer (KYC)-verified SIM, allowing authorities to track numbers implicated in various fraud schemes.
Previously, these SIM-binding and session management rules were applied only to banking and payment apps within India’s Unified Payments Interface (UPI) system; now, they are extended to messaging services. Currently, there has been no commentary from major services like WhatsApp and Signal regarding these newly imposed regulations.
This development follows the DoT’s announcement of a Mobile Number Validation (MNV) platform aimed at tackling the rise of mule accounts and identity fraud linked to unverified mobile numbers. The MNV platform is intended to ensure that service providers can validate whether a mobile number genuinely belongs to the individual whose credentials are on record, thereby enhancing trust in digital transactions.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.