In a step to clamp down on rising number of cyber fraud cases, the Reserve Bank of India (RBI) has asked all regulated banks, public, private, co-operative, small finance and payments bank, to immediately adopt the Financial Fraud Risk Indicator (FRI) system developed by the Department of Telecommunication (DoT).
The directive, issued on June 30, 2025, marks a notable shift in the government’s approach to cybersecurity, especially for the banking sector. To put it simply, the RBI is now pushing for tighter, tech-enabled coordination between the banking and telecom sectors to protect customers from fraud.
Advertisement
What is FRI, and why now?
FRI is a data-enabled tool rolled out by the DoT earlier in May 2025, which flags mobile numbers suspected of involvement in financial fraud.
Here’s how the system works: It assigns a risk rating, namely Medium, High, or Very High, based on inputs from the National Cybercrime Reporting Portal, Dot’s fraud-reporting platform Chakshu, and intelligence shared by banks and financial institutions.
If a mobile number is tagged as risky, banks are expected to act, either by issuing a warning, flagging a transaction, or in some cases, blocking it. The idea is to let banks act in real time to stop fraud before it hurts the customer.
Advertisement
This cross-sector coordination is already in action at some banks and fintech applications such as HDFC Bank, ICICI Bank, Paytm, PhonePe, and India Post Payments Bank, which are currently using the platform. With the RBI’s new mandate, others are now expected to catch up quickly.
How will this system help customers?
The system gets directly integrated into a bank’s fraud detection and customer service channels. If someone attempts a transaction from a number flagged as high risk, the system can alert the bank’s backend in real time. Banks can then take action from holding up the payment to issuing an instant alert to the customer.
Advertisement
Now, for example, if a scammer tries to move your money from a compromised app or initiates a fraudulent UPI request from a flagged number, the bank could stop the transaction right there, without you needing to raise a red flag.
The Digital Intelligence Unit (DIU) under DoT also shares a “Mobile Number Revocation List” with banks. This list includes numbers disconnected for being linked to cybercrime or failing verification. For financial institutions, it becomes another signal to watch out for.
According to people tracking the rollout, what makes FRI useful is its ability to draw on multiple layers of data, such as telecom behaviour, banking patterns, reported fraud complaints, and convert all of that into something actionable during a transaction. It’s basically an API-first model, meaning it can plug into most banking systems without large infrastructure changes.
Advertisement
Are there any notable challenges in the system?
There could be an issue with ‘false positives’ wherein legitimate users could be flagged wrongly if they inherit recycled numbers, for instance. There is also the question of consent and data privacy, especially under India’s new Digital Personal Data Protection Act.
Scammers would be also quick to adapt and experts warn that as FRI tightens the noose on domestic fraud-linked numbers, fraudsters might shift operations to untraceable platforms like WhatsApp, or use foreign VoIP numbers that bypass current detection systems.
That said, few countries have managed to institutionalise this kind of data exchange between telecom and financial regulators in a structured, mandatory way. India’s approach, by making it regulatory instead of voluntary, marks a significant change in how digital fraud is tackled.
