Representative Image for cyber-crime.
Credit: iStock Photo
New Delhi: The government on Monday said SIM binding was essential to prevent cyber fraud. It has issued an order to messaging apps like WhatsApp, Telegram, Signal, and Arattai among others to mandatorily carry out SIM binding.
Cyber-fraud losses are pegged at over Rs 22,800 crore in 2024 alone. The Department of Telecom said that SIM-binding directions are essential to plug a concrete security gap that cybercriminals are exploiting to run large-scale, often cross-border, digital frauds. As per new rule issued by the DoT, the messaging platforms like WhatsApp or Telegram should continuously check whether the SIM card used to register the account is still physically present and active in the user’s device or not. Currently, once you set up WhatsApp or Telegram using an OTP, the app continues to work even if you remove the SIM or put it in a different phone. The government wants this behaviour to stop.
According to new norms, if the registered SIM is removed, replaced, or becomes inactive, the app would immediately stop functioning. This brings a constant verification layer that goes much deeper than OTP-based registration.
Apps will need to keep checking the IMSI (International Mobile Subscriber Identity), which is a unique number stored in every SIM. Since IMSI is tied to the subscriber at a global level, the government believes enforcing IMSI checks will help reduce misuse. The direction does not affect the cases where the SIM is present in the handset, and the user is on roaming, the Ministry of Communications assured in a release.
“These uniform, enforceable directions under the Telecom Cyber Security Rules are a proportionate measure to prevent misuse of telecom identifiers, ensure traceability, and protect citizens’ trust in India’s digital ecosystem”, the government emphasised.
Device binding and automatic session logout are widely used in banking and payment apps to prevent account takeover, session hijacking and misuse from untrusted devices and accordingly extended to app-based communication platforms that are now “central to cyber frauds”.