Fighting Cyber Fraud in India: A Closer Look at TRAI’s New Message Traceability Guidelines

India has been witnessing a significant rise in online scams and cyber fraud over recent years. According to the CERT-In Annual Report 2023, India reported 1,592,917 cybersecurity incidents in 2023, reflecting a 14.5% increase from the 1,392,000 incidents reported in 2022. These included website intrusions, malware propagation, phishing, distributed denial-of-service (DDoS) attacks, website defacements, unauthorized network scanning, ransomware attacks, and data breaches.

This figure represents a significant workload in incident handling and highlights the persistent threat landscape in the country. In response to this growing cyber threat, India has introduced several measures over the years to regulate commercial messaging and protect users from fraudulent activities.

Existing Guidelines: Strengths and Weaknesses

The Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018, introduced by the Telecom Regulatory Authority of India (TRAI), required businesses to use a blockchain-based Distributed Ledger Technology (DLT) platform to register entities, headers, and message templates. By doing so, TRAI aimed to enhance transparency and curtail unsolicited commercial communications, providing a more secure and user-friendly messaging environment.

One of the notable strengths of this framework was its ability to improve traceability through mandatory registration, making it harder for unauthorized entities to send commercial messages. Additionally, the regulations empowered consumers by enabling them to block unwanted communications through Do Not Disturb (DND) services, offering greater control over their messaging preferences.

However, the TCCCPR framework was not without its shortcomings. Enforcement varied significantly across telecom operators, creating inconsistencies that left loopholes in the system. Furthermore, while the registration of message templates added a layer of accountability, the framework struggled to effectively trace the origin of fraudulent messages. Scammers often exploited these gaps, undermining the system's ability to prevent phishing and other forms of cyber fraud.

TRAI’s New Guidelines: Potential Impact on Businesses and Consumers

The new message traceability guidelines, set to take effect on December 11, 2024, aim to strengthen the existing framework by ensuring end-to-end traceability of commercial messages. Under these guidelines, a clearly defined chain between Principal Entities (PEs) and Telemarketers (TMs) must be established and registered on the DLT platform. Starting from the implementation date, any message traffic with an undefined or mismatched chain will be rejected by telecom operators, preventing such messages from reaching consumers.

For businesses, this development introduces new compliance requirements. Companies must now define and register their PE-TM chains, which will likely necessitate updates to their messaging systems and processes. The failure to comply with these requirements could result in the blocking of messages, causing potential disruptions in customer communication and transactional processes.

On the consumer side, the guidelines are expected to bring significant benefits. Enhanced traceability is anticipated to reduce the prevalence of fraudulent messages and scams, creating a safer communication environment. Additionally, the stricter regulations may lead to a decrease in unsolicited messages and spam calls, improving the overall user experience.

In its official notification, TRAI stated that "with effect from December 11, 2024, any traffic where the chain of telemarketers is not defined or does not match with a pre-defined chain shall be rejected." TRAI has also reassured users that essential services, such as OTP deliveries, will not face delays or disruptions during the implementation of the new system, emphasizing the balance between security and seamless communication.

Understanding the PE-TM Chain in TRAI’s Guidelines

A critical component of TRAI’s new message traceability guidelines is the structured chain between Principal Entities (PEs) and Telemarketers (TMs). 

Principal Entities (PEs) are businesses or organizations that originate commercial messages. These include entities such as banks, e-commerce platforms, or service providers that send OTPs, promotional offers, or transactional notifications to their customers.

Telemarketers (TMs) act as intermediaries authorized by PEs to distribute these messages using telecom networks. TMs can either be independent agencies or in-house teams employed by the PEs.

To maintain traceability, the guidelines mandate that all PEs and TMs register their details on TRAI’s Distributed Ledger Technology (DLT) platform. This registration process involves several key elements:

1. Principal Entity Registration: PEs must register themselves along with their communication templates, ensuring only approved messages are sent.

2. Telemarketer Registration: TMs must also register, linking their services to specific PEs.

3. Template and Header Registration: Each message template, as well as the header (sender ID), must be registered, ensuring alignment with the PE and TM details.

This defined chain is verified by telecom operators who cross-check message traffic against the records in the DLT platform. Messages from unregistered or mismatched chains are rejected, preventing them from reaching consumers.

This chain provides significant benefits. By ensuring only authorized TMs can send messages on behalf of registered PEs, the system minimizes the risk of scams and fraudulent communications. It also enhances transparency and accountability, as every message can be traced back to its origin. Consumers benefit from a safer messaging environment, with reduced instances of phishing, spoofing, and spam.

Similar Examples in Other Parts of the World

Several countries have implemented telecommunications regulations aimed at preventing scams and fraud:

China: Anti-Telecom and Online Fraud Law

Enacted in December 2022, China's Anti-Telecom and Online Fraud Law mandates that telecommunications operators implement real-name registration for all users and enforce limits on the number of SIM cards per individual. The law also requires telecom operators, financial institutions, and internet service providers to establish internal systems for preventing and controlling fraud risks. These measures aim to curb telecom and online fraud by enhancing traceability and accountability within the telecommunications sector.

United Kingdom: Telecommunications Fraud Sector Charter

In November 2022, the UK government introduced the Telecommunications Fraud Sector Charter, a collaborative effort between the government and telecom providers to combat fraud and scams targeting UK customers. The charter outlines commitments to enhance information sharing, implement protective technologies, and educate consumers about fraud prevention. This initiative aims to reduce consumer harm and financial losses associated with telecommunications fraud.

Australia: Scam Prevention Framework

The Australian government has proposed a Scam Prevention Framework that imposes mandatory obligations on banks, telecommunications companies, and digital platforms to combat scams. The framework includes measures such as verifying sender identities before messages reach recipients and implementing customer dispute resolution mechanisms. Non-compliance can result in substantial fines, emphasizing the importance of proactive scam prevention.

These examples highlight how traceability measures are increasingly being adopted worldwide to address challenges in digital communication. TRAI’s new guidelines align with this global trend by focusing on curbing spam and fraud through robust traceability mechanisms. By mandating the registration of telemarketers and ensuring accountability in message transmission, these regulations promise to enhance security and trust for consumers.

While businesses may face initial compliance challenges, the long-term benefits of reduced fraudulent activity and a safer communication ecosystem could significantly outweigh the costs. This initiative positions India as a proactive player in combating the growing menace of digital fraud.

About the Author

James Greening, operating under a pseudonym, brings a wealth of experience to his role. Formerly the sole driving force behind Fake Website Buster, James leverages his expertise to raise awareness about online scams. He currently serves as a Content Marketing & Design Specialist for the Global Anti-Scam Alliance (GASA), and contributes to ScamAdviser.com.

James’s mission aligns with GASA’s mission to protect consumers worldwide from scams. He is committed to empowering professionals with the insights and tools necessary to detect and mitigate online scams, ensuring the security and integrity of their operations and digital ecosystems.