Fighting Cyber Fraud in India: A Closer Look at TRAI’s New Message Traceability Guidelines

Image

India has been witnessing a significant rise in online scams and cyber fraud over recent years. According to the CERT-In Annual Report 2023 , India reported 1,592,917 cybersecurity incidents  in 2023, reflecting a 14.5% increase  from the 1,392,000 incidents reported in 2022. These included website intrusions, malware propagation, phishing, distributed denial-of-service (DDoS) attacks, website defacements, unauthorized network scanning, ransomware attacks, and data breaches.

This figure represents a significant workload in incident handling and highlights the persistent threat landscape in the country. In response to this growing cyber threat, India has introduced several measures over the years to regulate commercial messaging and protect users from fraudulent activities.

Existing Guidelines: Strengths and Weaknesses

The Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018 , introduced by the Telecom Regulatory Authority of India (TRAI) , required businesses to use a blockchain-based Distributed Ledger Technology (DLT)  platform to register entities, headers, and message templates. By doing so, TRAI aimed to enhance transparency and curtail unsolicited commercial communications, providing a more secure and user-friendly messaging environment.

One of the notable strengths of this framework was its ability to improve traceability through mandatory registration, making it harder for unauthorized entities to send commercial messages. Additionally, the regulations empowered consumers by enabling them to block unwanted communications through Do Not Disturb (DND)  services, offering greater control over their messaging preferences.

However, the TCCCPR framework was not without its shortcomings. Enforcement varied significantly across telecom operators, creating inconsistencies that left loopholes in the system. Furthermore, while the registration of message templates added a layer of accountability, the framework struggled to effectively trace the origin of fraudulent messages. Scammers often exploited these gaps, undermining the system's ability to prevent phishing and other forms of cyber fraud.

TRAI’s New Guidelines: Potential Impact on Businesses and Consumers

The new message traceability guidelines, set to take effect on   December 11, 2024 , aim to strengthen the existing framework by ensuring end-to-end traceability  of commercial messages. Under these guidelines, a clearly defined chain  between Principal Entities (PEs) and Telemarketers (TMs) must be established and registered on the DLT platform. Starting from the implementation date, any message traffic with an undefined or mismatched chain will be rejected by telecom operators, preventing such messages from reaching consumers.

For businesses, this development introduces new compliance requirements . Companies must now define and register their PE-TM chains, which will likely necessitate updates to their messaging systems and processes. The failure to comply with these requirements could result in the blocking of messages, causing potential disruptions in customer communication and transactional processes.

On the consumer side, the guidelines are expected to bring significant benefits. Enhanced traceability is anticipated to reduce the prevalence of fraudulent messages and scams, creating a safer communication environment . Additionally, the stricter regulations may lead to a decrease in unsolicited messages and spam calls, improving the overall user experience.

In its official notification, TRAI stated that "with effect from December 11, 2024, any traffic where the chain of telemarketers is not defined or does not match with a pre-defined chain shall be rejected." TRAI has also reassured users that essential services, such as OTP deliveries, will not face delays or disruptions during the implementation of the new system, emphasizing the balance between security and seamless communication.

Understanding the PE-TM Chain in TRAI’s Guidelines

A critical component of TRAI’s new message traceability guidelines  is the structured chain between Principal Entities (PEs)  and Telemarketers (TMs)

Principal Entities (PEs)  are businesses or organizations that originate commercial messages. These include entities such as banks, e-commerce platforms, or service providers that send OTPs, promotional offers, or transactional notifications to their customers.

Telemarketers (TMs)  act as intermediaries authorized by PEs to distribute these messages using telecom networks. TMs can either be independent agencies or in-house teams employed by the PEs.

Image

To maintain traceability, the guidelines mandate that all PEs and TMs register their details on TRAI’s Distributed Ledger Technology (DLT)  platform. This registration process involves several key elements:

  1. Principal Entity Registration:  PEs must register themselves along with their communication templates, ensuring only approved messages are sent.

  2. Telemarketer Registration:  TMs must also register, linking their services to specific PEs.

  3. Template and Header Registration:  Each message template, as well as the header (sender ID), must be registered, ensuring alignment with the PE and TM details.

This defined chain is verified by telecom operators who cross-check message traffic against the records in the DLT platform. Messages from unregistered or mismatched chains are rejected, preventing them from reaching consumers.

This chain provides significant benefits. By ensuring only authorized TMs can send messages on behalf of registered PEs, the system minimizes the risk of scams and fraudulent communications. It also enhances transparency and accountability, as every message can be traced back to its origin. Consumers benefit from a safer messaging environment, with reduced instances of phishing, spoofing, and spam.

Similar Examples in Other Parts of the World

Several countries have implemented telecommunications regulations aimed at preventing scams and fraud:

China: Anti-Telecom and Online Fraud Law

Enacted in December 2022, China's Anti-Telecom and Online Fraud Law mandates that telecommunications operators implement real-name registration for all users and enforce limits on the number of SIM cards per individual. The law also requires telecom operators, financial institutions, and internet service providers to establish internal systems for preventing and controlling fraud risks. These measures aim to curb telecom and online fraud by enhancing traceability and accountability within the telecommunications sector.

United Kingdom: Telecommunications Fraud Sector Charter

In November 2022, the UK government introduced the Telecommunications Fraud Sector Charter, a collaborative effort between the government and telecom providers to combat fraud and scams targeting UK customers. The charter outlines commitments to enhance information sharing, implement protective technologies, and educate consumers about fraud prevention. This initiative aims to reduce consumer harm and financial losses associated with telecommunications fraud.

Australia: Scam Prevention Framework

The Australian government has proposed a Scam Prevention Framework that imposes mandatory obligations on banks, telecommunications companies, and digital platforms to combat scams. The framework includes measures such as verifying sender identities before messages reach recipients and implementing customer dispute resolution mechanisms. Non-compliance can result in substantial fines, emphasizing the importance of proactive scam prevention.

These examples highlight how traceability measures are increasingly being adopted worldwide to address challenges in digital communication. TRAI’s new guidelines align with this global trend by focusing on curbing spam and fraud through robust traceability mechanisms. By mandating the registration of telemarketers and ensuring accountability in message transmission, these regulations promise to enhance security and trust for consumers.

While businesses may face initial compliance challenges, the long-term benefits of reduced fraudulent activity and a safer communication ecosystem could significantly outweigh the costs. This initiative positions India as a proactive player in combating the growing menace of digital fraud.

About the Author

James Greening , operating under a pseudonym, brings a wealth of experience to his role. Formerly the sole driving force behind Fake Website Buster, James leverages his expertise to raise awareness about online scams. He currently serves as a Content Marketing & Design Specialist for the Global Anti-Scam Alliance (GASA), and contributes to ScamAdviser.com .

James’s mission aligns with GASA’s mission to protect consumers worldwide from scams. He is committed to empowering professionals with the insights and tools necessary to detect and mitigate online scams, ensuring the security and integrity of their operations and digital ecosystems.

Connect with James Greening on LinkedIn

Dec 6, 2024
8 minute read
Category
Best Practices Industry - Telecom Operators / Hosters Topic - Scam Detection
Written by
Jorij Abraham
Managing Director
Share article

Latest blogs & research

GASA Mexico Shares Scam Prevention Tips During the 2026 FIFA World Cup

GASA Mexico shares practical advice for football fans on avoiding ticketing, travel, phishing and payment scams during the 2026 FIFA World Cup.

Best Practices Video Region - Latin America Industry - Consumer Protection & Authorities

Watch the Global Anti-Scam Summit Europe 2026 Session Recordings

Watch keynotes, panels, workshops, working group sessions and Scam Fighter Awards recordings from the Global Anti-Scam Summit Europe 2026 in Lisbon.

Best Practices Region - Europe Topic - Fraud Prevention Topic - Data Sharing

Public-Private Partnerships in Action: Key Takeaways From the Global Anti-Scam Summit Europe 2026

Key takeaways from the Global Anti-Scam Summit Europe 2026 on how public-private partnerships can strengthen scam prevention, intelligence sharing, regulation and victim protection.

Best Practices Region - Europe Region - Global Video
nomorobo joins scam.org

Nomorobo Joins Scam.org to Shield Consumers from Fraudulent Calls and Texts

Nomorobo has joined Scam.org as a member partner, bringing call and text blocking technology into the platform to help consumers protect themselves from fraudulent communications.

News Topic - Scam Awareness Region - Global Region - North America

Scams Continue to Rise in Germany: Two in Three Adults Encountered a Scam in the Past Year

The Global Anti-Scam Alliance (GASA), in collaboration with Worldline, has released the State of Scams Germany 2026 Report.

Report Topic - Scam Reporting Scam Trends Topic - Fraud Research
gasa webinar

Anatomy of an Investment/Crypto Scam

On 21 May, the Global Anti-Scam Alliance (GASA) hosted a webinar bringing together leading voices from the crypto industry, law enforcement, compliance, and civil society.

Region - Europe Video Topic - Fraud Policy Event - GASA Meet-Ups

ICC and GASA Publish Best Practices Framework for Combating Scam Advertising

ICC and GASA have published a best practices framework for combating scam advertising, focusing on risk-based verification, transparency, reporting and collaboration.

Best Practices Region - Global Topic - Fraud Policy Industry - Financial Authorities

Scams Surge Across the U.S.: 82% of Adults Targeted as Engagement and Losses Continue to Rise

The Global Anti-Scam Alliance (GASA), in collaboration with Iris® Powered by Generali, has released the State of Scams USA 2026 Report.

Research News Scam Trends Region - North America