The online payment platform Paytm run by One97 Communications Ltd, recently moved the Delhi High Court alleging that telecom service providers are not blocking fraudsters who are defaulting its customers by ‘phishing’ activities over the various mobile networks.
In a recent report, Paytm has claimed that millions of its customers have been defrauded by the phishing activities over the mobile networks and the failure of the telecom companies to prevent the same has caused immense financial losses and reputational losses to various companies which it has sought damages of Rs 100 crore from them.
A cybercrime where people are contacted by email, phone calls, or text messages by someone posing as a legitimate representative of an organization to lure them to part with their sensitive data, including banking and credit card details and passwords known as phishing.
In a petition raised by Paytm, it has contended that telecom majors like Airtel, Reliance, Jio, BSNL, MTNL, and Vodafone are violating their obligations under the Telecom Commercial Communications Customer Preferences Regulations (TCCCPR) 2018 which was notified by the Telecom Regulatory Authority of India (TRAI) to curb the problem of unsolicited commercial communications.
Under the regulations, Paytm has contended that the telecom companies are required to verify purported telemarketers seeking registration with them before granting access to their customer data and take action immediately against all fraudulent RTMs.
The petition further said that the telcos’ failure to undertake proper verification before such registration enables fraudulent telemarketers to carry out phishing activities against customers of Paytm and its associate companies.
Under the statutory regime, it is the telecom companies’ responsibility to prevent such fraud and deter the fraudsters through blocking and/or financial disincentives. In connection to the modus operandi of fraudsters, Paytm explains that such people or entities get registered with the telecom companies and get assigned themselves headers, like Paytm, PTM, PYTM, IPAYTN, PYTKYC and its derivatives, which are indeed similar to official headers of Paytm including BPaytm, PAYTMB, FPaytm and mPaytm and then they send messages to its customers for getting their sensitive and private information, including account details and passwords.
Various links are included in the messages which when clicked install software on the phone allowing the fraudster to get the customer’s financial account details stored on the device. Customers receive calls from fraudulent RTMs and then their private information is sought under the pretext of completing their KYC requirements for making their Paytm wallets operational.
Directions have been sought from the court to TRAI by Paytm to ensure complete and strict implementation of TCCCPR provisions to curb fraudulent unsolicited commercial communications sent over mobile networks and to take action against the telecom companies for violating their obligations to verify telemarketers under the regulations.
Further, Directions have also been sent to the center to ensure no sim card is sold without proper verification and to establish an inter-agency task force to coordinate action for limiting fraud taking place over telecom networks. Paytm has alleged that the violations were brought to the notice of the telecom companies, but they failed to take prompt action to block the fraudulent RTMs and impose financial disincentives against them.
It has also been claimed that certain TCCCPR provisions provide for the only action against those telemarketers who make unsolicited communications in bulk and provide for only graded penalties and had has sought an order declaring such regulations as unconditional and ultra vires the TRAI act. A declaration has been sought from the court that under the regulations the telecom companies are obligated to put in place mechanisms to register reports of violations from customers.