The Securities and Exchange Board of India (SEBI) has unveiled a comprehensive proposal for new technology-based security measures aimed at protecting trading and demat accounts from unauthorized access. The proposed framework, which would be implemented in phases starting in 2025, centers on SIM binding and biometric authentication mechanisms, building upon India’s growing adoption of biometric authentication for financial services.
The new security system will link investors’ mobile device SIM cards and IMEI numbers to their Unique Client Codes (UCCs), similar to the device binding solutions already deployed by some financial institutions in India. On primary devices, users will need to authenticate using biometric methods such as facial recognition or fingerprint scanning to access trading applications, enhancing security beyond traditional password-based systems.
For secondary devices like desktop computers, the framework implements a QR code-based authentication system that is both proximity and time-sensitive, similar to login methods used by social media platforms. The approach follows recent innovations in secure QR authentication technology designed to prevent phishing attacks. The system will allow users to monitor and revoke active sessions on any linked devices.
The framework includes provisions for family accounts, enabling a single mobile device or SIM to be linked to multiple UCCs belonging to family members, including Hindu Undivided Families (HUFs). Stock brokers will need to obtain specific authorization from clients to enable these linkages, addressing concerns about account sharing and unauthorized access.
Additional security features include the ability to temporarily lock trading accounts and set trading controls based on parameters such as volume, price bands, and time windows. For clients using call-and-trade or walk-and-trade facilities, the system will verify beneficiary demat account names before executing off-market transactions, with authorization conducted through QR codes or push notifications.
Implementation will begin with the top 10 Qualified Stock Brokers, who will have six months to integrate the new security measures. The framework will initially be optional for investors before becoming mandatory in subsequent phases, following a similar rollout strategy to other major financial security initiatives in India.
SEBI has opened the proposal for public comment until March 11, 2025. The measures come in response to increasing incidents of unauthorized access, SIM spoofing, and trading account fraud, following recommendations from a SEBI-constituted working group. The initiative is part of broader efforts across India’s financial sector to strengthen digital security measures and protect investor interests.
Sources: Economic Times, TaxGuru, DevDiscourse
Follow Us