.svg)
The Reserve Bank of India (RBI) has instructed financial institutions to begin using a real-time mobile number blacklist to tighten up their fraud monitoring and prevention programmes.
Earlier this month, the RBI issued a circular that mandates the use of the government’s Mobile Number Revocation List (MNRL) portal by regulated entities, including bank and non-bank payment service providers (PSPs).
The MNRL allows telecom service providers (TSPs) to publish in real time the mobile numbers that they have disconnected.
The decision to disconnect could be due to verification failures, law enforcement reports of criminal activity, telecoms-based fraud analysis, or lack of usage of the number for an extended period of time.
Since the launch of the MNRL, banks and payments firms have been encouraged to use it to screen against their own workflows and customer databases.
If they have customers who are associated with the revoked mobile numbers, these customers can then be asked to re-verify themselves and provide a new registered number.
Additionally, if they are able to re-verify themselves, they can be placed under enhanced monitoring.
As the RBI notes, these measures can help to prevent financial accounts from being used to commit fraud or for money muling.
They also help to ensure that one-time passcodes are sent to the correct device and the correct customer.
From encouraged to mandatory
The RBI’s circular means that regulated entities are now required to use the MNRL, rather than simply encouraged to do so.
Firms must also provide their customer care numbers to the government’s Digital Intelligence Platform (DIP), so that they can be verified and published on the government’s Sanchar Saathi portal.
The DIP is managed by the Department of Telecommunications (DoT), a unit within the Ministry of Communications, and Sanchar Saathi aims to protect consumers from impersonation fraud.
Finally, firms must ensure that their outbound customer service calls use numbers that begin only in “160”, and promotional calls use numbers that begin only in “140”.
Initially, the RBI asked regulated entities to comply with the circular by March 31, 2025. However, since the circular was published, the RBI has edited the circular and removed the reference to a hard deadline.
The circular now simply states that “regulated entities are advised to ensure compliance with the above instructions expeditiously”.
The bigger picture
The circular is one of the RBI’s first initiatives to tackle fraud since Sanjay Malhotra took over as governor in December last year.
This month, in his first meeting with bank executives, Malhotra made clear that tackling digital fraud will continue to be a priority under his leadership.
As shown in the RBI’s latest annual report, the number of fraud cases reported by banks has quadrupled since 2021-22.
Moreover, the number of card and internet-based fraud cases has seen the biggest increase, and now makes up 80 percent of all fraud cases.
Phone number-based initiatives in other jurisdictions
Although rising digital fraud rates are a universal problem for regulators, jurisdictions are responding with their own mix of interventions.
In 2022, Singapore’s Infocomm Media Development Authority (IMDA) created the Singapore SMS Sender ID Registry (SSIR), which requires all organisations that use alphanumeric Sender IDs in SMS messages to register.
Under Singapore’s Shared Responsibility Framework (SRF), telcos can be made liable for reimbursing victims of phishing scams if they fail to prevent unregistered numbers from sending scam SMS messages.
In 2024, Australia followed with an SMS Sender ID Registry, and looks likely to impose specific standards on telcos through its Scams Prevention Framework (SPF).
Both approaches aim to protect consumers from impersonation fraud by preventing scammers from posing as bank staff or government agency staff when contacting potential victims.
SMS messages sent by unregistered sender IDs may be blocked by their telco provider, or may be labelled as potential scams.
Earlier this month, as covered by Vixio, lawmakers in Ireland called for an SMS scam filter, noting that other EU jurisdictions, including Belgium, Poland and Spain, have either launched or are planning to launch a similar system.
Why you should care
In 2025, there is hardly a consumer left who has not been targeted by an SMS scam, a voice call scam or some other digital fraud attempt.
Regulators are increasingly coming to the consensus that the best way to detect, disrupt and prevent these attempts is to regulate and closely supervise the phone numbers that scammers may be using.
In future, firms can expect to see more jurisdictions issuing prescriptive regulations on how financial institutions should incorporate surveillance and analysis of phone numbers into their fraud monitoring and prevention systems.
As the example of India shows, these measures are unlikely to remain voluntary for much longer, particularly against a backdrop of rising scam attempts.
