A video featuring a man and a woman has been circulating on WhatsApp and social media, claiming that OTP (One-Time Password) messages could face delays starting December 1, 2024, due to new TRAI regulations on bulk SMS. The video attributes these delays to the Telecom Regulatory Authority of India’s (TRAI) upcoming traceability guidelines.
However, TRAI has dismissed these claims as "factually incorrect". In a post on X, the regulatory body reassured the citizens that its new message traceability guidelines will not disrupt OTP delivery. TRAI emphasised that telecom operators will continue to ensure uninterrupted services for essential transactions like OTPs while simultaneously enhancing the security of messaging systems.
Sharing the said video on X, the post read, "This is factually incorrect. TRAI has mandated the Access Providers to ensure message traceability. It will not delay the delivery of any message." The regulatory authority shared the same message on its WhatsApp channel too.
Multiple media outlets, including The Hindu and ABP Live, also published reports that fueled speculation about potential delays in OTPs, raising concerns about their impact on consumer transactions like bank transfers and online payments.
Similarly, YouTube channels such as SSC Wallah and Stock Advisor shared comparable claims. In a video on SSC Wallah’s channel, it was even suggested, "One should keep cash handy moving forward, as payments requiring OTPs could face challenges starting December 1."
But what are the TRAI regulations which have given rise to these speculations?
TRAI’s new regulation mandates telecom companies—such as Reliance Jio, Bharti Airtel, Vodafone-Idea, and BSNL—to trace the origin of messages sent by banks, financial institutions, and e-commerce platforms. This initiative is designed to enhance transparency, hold entities accountable for their messages, and curb fraudulent and spam messaging.
To achieve this, TRAI initially set a compliance deadline of November 30, requiring Principal Entities (PEs) and Telemarketers (TMs) to implement technical upgrades and register their message delivery chains. PEs include organisations like banks, financial institutions, insurance companies, trading firms, and other businesses that send commercial messages to telecom subscribers. TMs are the intermediaries responsible for transmitting these messages on behalf of the PEs.
On November 30, TRAI extended the compliance deadline to December 10, with the traceability requirements taking effect from December 11. In a press release, the Ministry of Communications confirmed that Access Providers—telecom companies offering voice calls, SMS, and internet services—have already deployed the necessary technical infrastructure. In India, Access Providers include Reliance Jio, Airtel, Vodafone-Idea, and BSNL.
The Ministry also noted significant progress in onboarding entities. Over 27,000 PEs had registered their message delivery chains with Access Providers, with additional registrations continuing at a rapid pace. Warning notices have been issued to non-compliant PEs and TMs to ensure they meet the extended deadline.
The traceability mechanism aims to address spam and fraud issues in the telecom ecosystem. TRAI recently reported a noticeable decline in spam call volumes following regulatory interventions. Complaints about unregistered senders dropped from 1.89 lakh in August to 1.63 lakh in September, and further to 1.51 lakh in October—a 20% reduction. Moreover, TRAI disconnected 2,75,000 phone numbers and blocked services for 50 entities linked to spam calls and unregistered telemarketing activities.
Public sentiment also reflects the impact of these measures. A survey by LocalCircles, which polled over 14,000 mobile subscribers across 309 Indian districts, revealed that 27% of respondents experienced a reduction in unwanted calls. These findings highlight the effectiveness of TRAI’s ongoing efforts to streamline and secure commercial messaging systems.
How will the traceability mechanism work?
One-Time Passwords (OTPs) are a cornerstone of online security, providing an additional layer of authentication to safeguard against unauthorized access. They are widely used across sectors like banking, e-commerce, and digital services to verify user identity during transactions. However, the very mechanism designed for security has increasingly become a target for cybercriminals. Through methods like phishing, SIM swapping, and social engineering, fraudsters intercept OTPs to commit financial fraud.
To address this growing concern, the Telecom Regulatory Authority of India (TRAI) introduced message traceability rules aimed at curbing misuse. These rules require telecom companies to ensure that all messages, including OTPs, are traceable to their origin, creating accountability and preventing the misuse of the messaging system.
Under these regulations, financial institutions, banks, and e-commerce platforms must validate the complete delivery chain of all their communications. Any messages that cannot be traced or fail to align with verified records will be blocked by telecom operators.
A key component of implementing these rules is the Distributed Ledger Technology (DLT) platform. DLT, a blockchain-based system, ensures that data is stored securely, transparently, and immutably. Principal Entities, such as banks and businesses, and Telemarketers are required to register their communication chains on this platform. This registration enables telecom operators to maintain a traceable record of all bulk messages sent within the ecosystem, thereby enhancing security and accountability.
Despite its touted potential to significantly reduce fraud, the rollout of these regulations faced logistical challenges. According to The Economic Times, telecom service providers requested an extension, citing that many telemarketers and business entities, including banks, were not yet technically prepared to comply with the mandate.
In response, TRAI extended the original deadline from October 31 to November 30, providing stakeholders additional time to implement the necessary changes.