SEBI Considers Tech-Driven Solutions to Prevent Unauthorized Transactions in Investors' Demat Accounts

In a bid to create a more secure trading environment, the Securities and Exchange Board of India (SEBI) has proposed a SIM-binding authentication mechanism for mobile devices, linking them to a client’s Unique Client Code (UCC). This proposal, similar to the authentication system used in UPI payment applications, aims to ensure that only authorized users can access trading accounts and execute transactions.

SEBI’s proposal, outlined in a consultation paper released on Tuesday, aims to curb unauthorized access, prevent fraud, and enhance investor security by introducing a One UCC-One Device-One SIM authentication method.

Invest in Indian Markets and Unlock Future Potential With 5paisa!

Open Account Now

Need for Strengthening Authentication

According to SEBI, the current authentication mechanisms for trading accounts need improvement to prevent unauthorized access and fraudulent transactions. The regulator noted that digital trading platforms are vulnerable to cyber threats, identity theft, and hacking attempts.

To mitigate these risks, SEBI emphasized the need for a robust and multi-layered authentication framework that verifies the user's identity before allowing access to the trading platform.

Key Features of the Proposed Authentication Mechanism

1. SIM-Binding for Secure Logins: The new system will bind a client’s UCC with their registered mobile number (SIM) and IMEI number. Similar to UPI payment applications, the trading app will recognize the registered SIM and mobile device before granting access.

2. Biometric Authentication for Mobile Logins: Investors logging into trading apps via mobile devices will be required to authenticate themselves using biometric verification, such as fingerprint or facial recognition. This ensures that only the account holder can access and execute trades.

3. QR Code-Based Authentication for Desktop and Laptop Logins: Users logging in from other devices like desktops or laptops will need to scan a time-sensitive and proximity-sensitive QR code to verify their identity. This method is similar to authentication processes used on social media and banking platforms.

4. Backup System for Lost or Changed Devices: To prevent disruptions in case of a lost or changed device, a backup authentication mechanism will be implemented. Clients will be able to continue trading after securely re-verifying their identity.

5. Enhanced Security for Call-and-Trade Services: For investors using call-and-trade or walk-in trading facilities, authentication mechanisms will also be strengthened to prevent unauthorized transactions.

Implementation Plan and Phased Rollout

SEBI plans to implement the proposed security measures in a phased manner to ensure a smooth transition. The framework will initially be optional, allowing investors to voluntarily opt for the enhanced security features.

In the first phase, the new authentication system will be mandatory for the top 10 Qualified Stock Brokers to implement. Over time, the system will be gradually expanded to cover all brokers and investors. Eventually, the secure authentication mechanism will become mandatory for all trading account holders.

Investor Protection and Regulatory Compliance

The primary objective of this proposal is to safeguard investors from cyber threats and unauthorized access. With the rise in online trading, SEBI recognizes the need for stringent security measures to protect client data and prevent fraudulent activities. By introducing SIM-binding, biometric verification, and QR code authentication, the regulator aims to create a seamless yet highly secure trading experience for investors.

Public Feedback and Next Steps

SEBI has invited public comments and feedback on its proposal. Investors, stockbrokers, and other stakeholders can submit their views until March 11, 2025. Once the feedback is analyzed, SEBI will finalize the framework and release implementation guidelines for brokers and trading platforms.

The proposed authentication mechanism is a significant step toward enhancing digital security in stock trading. By implementing a multi-layered authentication approach, SEBI aims to create a safer and more reliable trading environment for investors.

With cyber threats on the rise, this initiative is expected to prevent unauthorized access, protect sensitive financial data, and build greater trust in the trading ecosystem. As the proposal moves forward, investor participation and compliance will be crucial for its successful adoption.