The Securities and Exchange Board of India (SEBI) has proposed a SIM-binding mechanism to prevent unauthorised transactions in investors’ trading or demat accounts.
This mechanism—similar to that of Unified Payments Interface (UPI) payments—will ensure that a user can login to their trading account once the unique client code (UCC) matches with the linked mobile device and SIM.
“The proposed framework would create secure and robust authentication for log-in into mobile applications for trading…The registered mobile device would become the key for accessing the trading account, either on the desktop or on the mobile device,” Sebi said in a draft paper, inviting public comments by March 11.
- Also read: The alarming rise in digital fraud calls for urgent action
To login on other devices like desktops or laptops, a QR code-based, proximity-sensitive, and time-sensitive authentication will be used—similar to multiple login methods used by social media platforms.
A biometric authentication would also be required on the primary SIM-bound device. One mobile device can be linked to multiple UCCs of family members who use the same number, provided they are authorised.
Additionally, a fallback system will be set up in case the primary device is lost or changed, and a facility to temporarily lock-in the trading account. The proposal will also help investors to get information about the time and location of any logins into their account, Sebi said.
- Also read: Uber introduces zero-commission model for auto drivers
The proposals will be implemented in a phased manner, requiring the top ten qualified stock brokers to implement first. Initially, this would be made optional for the investors to opt for the proposed secure authentication mechanism.
The move follows instances of unauthorised access or modifications in trading accounts, SIM spoofing, erroneous share transfers, and other security concerns.
