Mumbai: Come November 1, you could face disruptions in receiving bank and delivery of One-Time Passwords (OTPs) due to the new traceability rules of the telecom regulator. The traceability norms effective next month mandate the telecom companies to ensure traceability of all transactional and service messages sent by principal entities such as e-commerce platforms, banks and other financial institutions. They also require telecom companies to block messages with an irregular sending chain, which could disrupt the delivery of OTPs and other important alerts. These OTPs play a vital role in authorizing online payments and deliveries.
The Cellular Operators Association of India (COAI), which includes telecom giants such as Airtel, Vodafone, and Reliance Jio have approached the Telecom Regulatory Authority of India (TRAI) seeking relaxations in the traceability mandate. The telecom operators have warned that messages containing OTPs and other critical details might not reach recipients, as telemarketers and PEs have yet to implement the important technical solutions. The principal entities have requested an additional two months, during which they could update their systems to avoid interruptions in message delivery. If compliance is granted, this extension could help prevent widespread OTP and transaction messages from disrupting users across the country. However, given that the deadline has been extended several times, it is unlikely that TRAI will grant a further extension.
Initially the norms instructing telecom companies to ban sharing messages containing URLs, APKs, OTT links or call-back numbers which are not whitelisted by the sender were to be effective September but the regulator then extended the deadline to October 1 due to multiple requests by the telecom operators for additional time for compliance.
According to TRAI, these measures have taken forward its initiatives to ensure a clean and secure messaging ecosystem, safeguarding customer interests and preventing fraudulent activities.
As per the existing practice, telecom operators scan messages to check if they match the template provided by the company. Companies have so far been required to register the header and template of the message with telecom companies so long as these two things in a message are in place, telecom companies send the SMSes to customers.
However, many times the content contains spam and dubious links. Many users inadvertently click on these dubious links resulting in hackers gaining access to personal data resulting in theft of money or other sensitive information.
The new rules will ensure that all the SMSes from the sender to a receiver are thoroughly checked revealing the content to the telecom operators who will have permission to block the messages that do not follow the guidelines.
