It’s time telcos walked the talk on fighting fraud and spam–will they?
Airtel is rallying competitors to join forces against telecom-related cyber fraud. Will the telecom sector unite to tackle this growing menace, or will competition prevail?
Airtel, India’s second-largest telecom firm by subscribers and revenue, has called on its competitors to collaborate on what it calls a ‘joint telecom fraud initiative’. The aim is to create a common platform with Reliance Jio, Vodafone-Idea and state-run Bharat Sanchar Nigam Ltd to tackle the growing menace of cyberfraud proliferating over telecom networks.
This follows the launch of Airtel's proprietary, AI-driven tool, which will operate in the backend to automatically detect and block malicious links in text messages (SMS), OTT messaging services like WhatsApp, Telegram, Instagram, Facebook Messenger, and emails.
Airtel claims the tool, which is auto-enabled for its mobile and broadband users, is a global first. It works in real time and not only identifies malicious links but also blocks page loads if a user happens to click on such links.
There’s no gainsaying the fact that cybercrime is not only a serious problem, but also a high-growth sector. According to data compiled from the National Cybercrime Reporting Portal, more than 1.9 million complaints were registered last year, and people had been cheated of ₹22,812 crore in 2024, up sharply from just ₹551 crore in 2021.
Also Read | Good lord! Is that another spam call? Here's why scammers keep getting through to you
Will they, won't they
Airtel’s initiative sounds timely and much-needed for India’s more than 1 billion mobile and internet users. Unfortunately, it's unlikely to succeed for two key reasons.
First, any meaningful industry-wide effort requires sharing data such as customer information, usage patterns, etc. However, in a fiercely competitive market, telcos are highly unlikely to voluntarily share such sensitive data. There is a way this can happen, but the government will need to make such sharing mandatory. Even then, it may not work unless a neutral, digital exchange is created where the data can be anonymised and shared.
A similar initiative, also mooted by Airtel last year, failed. In September 2024, Airtel’s CEO Gopal Vittal had urged competitors to share data on corporate names and active users, to try and curb spam calls and unsolicited/fraud SMS text messages. Its peers declined to join, claiming that they had their own systems for scam protection.
Second, there's a financial angle to this. Most bulk SMSs and robot calls are sent out on behalf of entities that specialise in this business. Such a shared database would have helped to massively curb the incidence of spam/scam messages.
However, cracking down on these entities would mean that telecos’ toplines and bottomlines would take a sharp knock, since this accounts for a good chunk of their revenue. India sees one of the highest volume of commercial messages in the world, averaging more than 1.7 billion per day.
Knocking this out would severely dent telcos' P&L, which is why the initiative didn’t go anywhere, and pesky calls and SMSs continue unabated.
A study by cybersecurity firm McAfee found that Indians receive an average of 18 scam messages a day and spend almost two hours a week being targeted by scam calls.
Also Read | Spam calls: Vodafone Idea, Jio, Airtel tap vendors for caller ID service
Regulators need teeth
Regulators have so far played a futile game of catch-up with scammers. Under the Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR-2018), entities were classified as either access providers, principal entities, or telemarketers.
The rule mandates registration on distributed ledger technology (DLT) platforms. It also specifies ‘140’ series for promotional calls and ‘160’ series for transactional/service calls.
Further, digital consent acquisition via QR codes, APIs, or DCA platforms is mandatory. Every user in India knows how effective these have been in practice. There are also fines for non-compliance.
According to reports, a cumulative ₹141 crore of fines have been imposed on telecom companies for non-compliance with one or the other provision of TCCCPR. A fleabite for an industry with gross revenues of more than ₹2.65 trillion in FY24.
Expecting voluntary action from telecom operators to tackle spam, fraud messages and calls is futile. India requires mandatory data sharing as seen in countries like Singapore; protocols to prevent identity masking, like STIR or secure telephone identity revisited and SHAKEN or signature-based handling of asserted information using tokens used in the US; and robust KYC enforcement.
India’s billion-plus users will continue to be fair game for scamsters if the regulator doesn't step up. The Telecom Regulatory Authority of India must ensure that not just the fraudsters, but also the intermediaries enabling them – telecom operators included – feel the real bite of non-compliance. Fleabite fines are not going to work.
Airtel, Google team up to counter Jio’s free cloud blitz with 100 GB storage
topics
