Telecom service providers bear civil liability for financial loss in SIM swap frauds caused by their negligence: Karnataka High Court

Account subscription benefits alongside Premium Stories, Editorials, Opinions and more. Unlock these with Subscription

The View From India Looking at World Affairs from the Indian perspective.

First Day First Show News and reviews from the world of cinema and streaming.

Today's Cache Your download of the top 5 technology stories of the day.

Data Point Decoding the headlines with facts, figures, and numbers

Health Matters Ramya Kannan writes to you on getting to good health, and staying there

The Hindu On Books Books of the week, reviews, excerpts, new titles and features.

Referring to India’s rapidly deepening digital economy and the UPI ecosystem, which handles over a thousand crore transactions monthly, the High Court of Karnataka said digital transactions have a single critical dependency: the mobile number registered for OTP authentication.

In a verdict with far-reaching consequences for telecom service providers (TSPs), the High Court of Karnataka has held that the TSPs bear civil liability for financial losses caused by SIM swap frauds enabled directly by their negligence, while terming the TSPs “custodians” whose role is equivalent to a “vault keeper in a traditional banking system”.

“Just as a vault keeper who carelessly or dishonestly gives access to unauthorised persons bears responsibility for the resulting theft, a telecom service provider that carelessly or dishonestly issues a duplicate SIM bears responsibility for the financial fraud that the duplicate SIM enables,” the court observed.

Justice Suraj Govindaraj made these observations in a case where Basaveshwara Pattana Sahakara Bank Niyamitha (BPSBN), a cooperative bank of Shiralkoppa in Shivamogga district, had lost ₹50.5 lakh from its current account maintained in a public sector bank, after a BSNL official issued a duplicate SIM for the mobile number of BPSBN without its express and verified consent.

Referring to India’s rapidly deepening digital economy and the UPI ecosystem, which handles over a thousand crore transactions monthly, the court said digital transactions have a single critical dependency: the mobile number registered for OTP authentication.

“If this dependency fails, as it does in a SIM swap fraud, the entire security architecture is bypassed instantly,” the court observed.

The dispute stemmed from fraudulent RTGS and NEFT transfers carried out between February 6 and 7, 2019, from BPSBN’s account. BPSBN alleged that unknown persons obtained a duplicate SIM linked to its registered mobile number from a BSNL office in Bengaluru, thereby gaining access to OTPs