In response to growing concerns over security breaches and fraudulent activities, the Securities and Exchange Board of India (SEBI) has released a consultation paper proposing technology-based measures to secure the trading environment and protect investors from unauthorized transactions in their trading and demat accounts.
Addressing the Rising Threats
The paper acknowledges the rapid technological advancements in trading platforms, which, while offering convenience, have inadvertently exposed vulnerabilities. Instances like SIM spoofing (to divert One-Time Passwords or OTPs), unauthorized modifications to accounts, erroneous transfers of shares, and hacking of trading accounts are becoming more frequent. Such incidents not only jeopardize the security of investors’ funds but also threaten the integrity of the financial markets.
SEBI’s consultation paper stems from the regulator’s concern over the lack of adequate technological controls that have left mobile and web-based trading platforms susceptible to hacking, identity theft, and fraud. In light of these threats, SEBI formed a working group tasked with recommending suitable security measures. The recommendations from the group have formed the basis of the proposed framework, which includes robust authentication mechanisms designed to ensure that only authorized users can access their trading accounts.
Proposed Technology-Based Security Framework
One of the cornerstone proposals of the framework is the SIM binding mechanism, similar to the security used by UPI payment applications. This system, known as One UCC (Unique Client Code)-One Device-One SIM, links the client’s UCC to their registered mobile device. Trading accounts would only be accessible when the application recognizes the UCC, mobile device, and SIM. This creates a hard-bound authentication that adds an additional layer of security, making it much more difficult for unauthorized users to gain access.
The proposed framework goes beyond SIM binding and includes multiple security measures such as:
- Biometric Authentication: Ensuring that trades can only be executed by the authorized user through fingerprint or facial recognition.
- Secondary Device Registration: Clients will be able to register a secondary device for trading, provided both devices remain within a 100-meter range of each other, ensuring security even when devices are in different locations.
- Temporary Account Locking: A feature that allows investors to lock their accounts temporarily, which can be useful in cases of suspected unauthorized access.
- In addition, the proposal introduces tighter security protocols for investors using call and trade or walk-in trade facilities. These trades will require OTP-based authentication to prevent unauthorized orders, ensuring that transactions can only occur with proper verification.
Phased Implementation and Benefits to Investors
The framework will be implemented in phases. Initially, the top 10 qualified stock brokers will be required to implement the proposed measures within six months. The provisions will then be rolled out gradually, with investors given the option to opt into the new security measures. Over time, the framework will become mandatory for all investors accessing their trading accounts.
For investors, the primary benefit of these new measures is the creation of a secure trading environment. With the combination of hard-binding SIM devices, biometric authentication, and enhanced verification procedures, the risk of unauthorized transactions and fraudulent activities will be significantly reduced. The security features are designed to ensure that only the rightful account holder can access and execute trades, even if the investor’s mobile device is lost or stolen.
Moreover, by implementing features such as account locking and session monitoring, SEBI aims to provide greater control to investors over their trading accounts, giving them the ability to revoke any unauthorized sessions or temporarily disable the account for added security.
Looking Ahead
SEBI’s consultation paper is a timely and proactive approach to ensuring the security of India’s rapidly growing online trading ecosystem. With the increasing reliance on digital platforms, safeguarding investors’ assets has become more critical than ever. By addressing vulnerabilities through a comprehensive, technology-driven framework, SEBI is not only aiming to enhance the integrity of the market but also to foster greater confidence among investors.
As the consultation period progresses, it is expected that stakeholders, including stock brokers, investors, and industry experts, will provide feedback to further refine the framework. The measures outlined in the paper, once fully implemented, will set a new standard for security in trading and demat accounts, protecting investors and strengthening the broader financial ecosystem.
