India's new SMS scrubber breaks OTP services and causes disruption to digital payment apps

Security
Source: Pexels

Unlike most of the world, India still relies heavily on One Time Passwords (OTPs) to authenticate online transactions, sign in to website and pay bills. While this system provides an additional security layer, it also relies on several different network operators and SMS.

Yesterday, it all came to a halt as India implemented a new SMS verification system. The new system is based on Blockchain's Distributed Ledger Technology (DLT) and it forces telemarketers to register themselves beforehand. The telemarketers can then use pre-approved templates to compose marketing messages. These messages are then scrubbed by telecom operators and delivered to users who have given their consent to receive marketing messages. The new system was developed to reduce spam messages that are delivered to users around the country.

However, when the system rolled out yesterday, the banks and other companies failed to register ahead of time resulting in high failure rate. With India's dependence on OTPs, this failure disrupted banking, credit/debit card transactions, e-commerce, railway and flight bookings, and even broke the Co-WIN registrations needed for the Covid-19 vaccinations. According to The Economic Times, out of one billion average daily SMS deliveries, 40% failed to deliver.

In a statement, The Telecom Regulatory Authority of India (TRAI) confirmed that it has suspended the roll out of the new system in order to give companies more time to register themselves.

In order to protect the interest of consumers, it has been decided that scrubbing of SMS by TSPs shall be suspended temporarily for seven days to enable the principal entities to register the template of SMS so that no inconvenience is faced by the customers. TSPs are being requested to inform their principal entities to take immediate necessary action in this regard and facilitate their registration including SMS template in a time-bound manner.

On the other hand, both banks and telecoms blamed the other party for the outage. According to the banks, telecom providers did not implement the new system correctly while operators blamed the banks for not registering in advance, despite of the repeated reminders.

SP Kochhar, director general, Cellular Operators Association of India (COAI) said:

TSPs (telecom service providers) are following Trai regulations and have activated due process of content scrubbing to address the issue of unsolicited commercial communication. TSPs have sent various communications to the principle entities to register their content template with the TSPs before March 7.

While TRAI has given companies another seven days to implement the new system, we do hope that this is taken as a cautionary tale and Indian companies develop a fail-safe method to deliver important messages in case of a nation-wide outage.

Report a problem with article
The Vodafone logo with computer code behind
Next Article

Vodafone calls for 5% VAT on cybersecurity products to help SMEs

Concept 1 design by Nothing
Previous Article

Nothing teases the "timeless" Concept 1 design, which may be an earbud

6 Comments - Add comment

Advertisement