This is how TRAI plans to make OTP secure
NEW DELHI: The telecom regulator is planning to write to all public sector undertakings (PSU) and semi-government organisations to use mobile number revocation list to enable mobile verification security foolproof against any misuse.
“We are going to write to all government entities and semi-government firms which use mobile number to authenticate one-time password (OTP) for verification to use mobile number revocation list,” the Telecom Regulatory Authority of India (Trai) chairman Ram Sewak Sharma told ETT.
Earlier this week, the regulator has also met officials of the National Payments Corporation of India (NPCI), and is planning to publicise and writing separately to all banks, including Reserve Bank of India (RBI), Insurance Regulatory and Development Authority (IRDAI) to sensitise on mobile security.
The new initiative is one of the critical developments and aimed at consumer protection, according to the top official.
In February, the regulator launched an online platform for putting up a compiled revocation list based on data submitted by telecom service providers to facilitate companies to discontinue mobile connections which were no longer in use by their consumers.
Such a move would eventually prevent any attempt of misuse against a number of utility and banking services as well as direct benefit transfer (DBT) scheme.
“If a number is revoked, the OTP should not go to the wrong person,” Sharma said, and added that some organisations had asked for such an intervention from the telecom watchdog since such numbers are reallocated to a different subscriber after a gap of six months following the unavailability of newer series.
The regulator has already published the January data, and the platform allows any user to easily download the file.