applyloginsubscribe
Source linked

Karnataka HC Holds BSNL Liable for SIM Swap Fraud Effective June 2026

medianama.com@policy_brief2 hours ago·Technology Policy·2 comments

The Karnataka High Court ruled that BSNL is responsible for a cooperative bank's Rs 50.5 lakh loss caused by negligent duplicate SIM issuance.

bsnlfintechpaymentsdigital identityindia

The Karnataka High Court, in a ruling on June 5, 2026, held Bharat Sanchar Nigam Limited (BSNL) liable for a cooperative bank's loss of Rs 50,50,762 following a SIM swap fraud. The court determined that the negligent issuance of a duplicate Subscriber Identity Module (SIM) card was the proximate cause of the theft, which enabled unauthorized RTGS and NEFT transactions.

What Changed

The court overturned a previous Permanent Lok Adat award that had granted the bank only Rs 5 lakh. Instead, it directed BSNL to pay the full net loss of Rs 50,50,762 plus Rs 5 lakh in consequential damages. The ruling includes a 9% annual interest rate effective from February 7, 2019, and a default interest rate of 12% if payment is not made within a three-month window.

Key Provisions and Liability

The ruling establishes several critical legal precedents regarding telecom service providers (TSPs):

  • TSP as Custodian: The court treated the TSP as a custodian of mobile connectivity, akin to a vault keeper, holding them responsible for frauds enabled by careless or dishonest SIM issuance.
  • Proximate Cause: The duplicate SIM was identified as the direct cause of the loss, as the interception of One-Time Passwords (OTPs) would have been impossible without the SIM swap.
  • Vicarious Liability: BSNL was held vicariously liable for its employee's actions, rejecting arguments that the absence of criminal chargesheets absolved the company of civil negligence.
  • Insurance Offset: The court ruled that insurance proceeds from independent policies cannot be used to reduce the wrongdoer's liability.

Operational Impact

This ruling highlights a structural vulnerability in India's digital payments architecture, where the mobile number serves as the master channel for OTP-based authentication across UPI, internet banking, and RTGS/NEFT transfers. While device binding protects the UPI app itself, it does not protect the fallback channels that rely on SMS-based OTPs. Telecom operators must now ensure rigorous verification processes for duplicate SIM requests to mitigate significant civil liability risks.

Financial institutions and telecom operators should monitor the implementation of TRAI's cooling-off periods and DoT's SIM binding mandates to ensure compliance with evolving security standards.

Source: Duplicate SIM exposes a structural flaw in UPI, Karnataka HC ruling shows
Domain: medianama.com

Read original source ->

External source stays available while the OJO article and comment thread stay local.

More in Technology Policy

view topic
Massachusetts Unanimously Bans Sale of Precise Location Data

A 146-0 House vote and 40-0 Senate vote just made Massachusetts the first state to outright ban the sale of precise geolocation data without explicit consent.

RBI Sets Premature Redemption Price for SGB 2021-22 Series-III at ₹15,512 Effective June 8, 2026

RBI announced the premature redemption price of ₹15,512 per unit for Sovereign Gold Bond 2021-22 Series-III, effective June 8, 2026. SGB holders can redeem on that date.

RBI Cuts Export Proceeds Realisation Period to Nine Months under FEMA

Effective from the date of publication in the Official Gazette, exporters must realise and repatriate export proceeds within nine months instead of the earlier fifteen months, tightening compliance under FEMA.

FDA Launches Mifepristone Safety Study Critics Call Politically Loaded

The Trump administration's six-month review of a drug approved since 2000 may ignore established science and drop its findings right after the midterm elections.

Comments load interactively on the live page.