Telecom service providers civilly liable for financial loss in SIM swap scams caused by their negligence: Karnataka High Court

Referring to India’s rapidly deepening digital economy and the UPI ecosystem that processes more than a thousand million transactions per month, the Karnataka High Court said that digital transactions have a single critical dependency: the mobile number registered for OTP verification.

In a verdict with far-reaching implications for telecom service providers (TSPs), the Karnataka High Court has held service providers civilly liable for financial losses caused by SIM swapping scams caused directly by their negligence, while labeling these providers as “custodians” whose role is equivalent to a “vault keeper in a traditional banking system”.

“Just as a vault keeper who negligently or dishonestly provides access to unauthorized persons is liable for the resulting theft, a telecommunications service provider who negligently or dishonestly issues a duplicate SIM is liable for the financial fraud that the duplicate SIM enables,” the court said.

Justice Suraj Govindaraj made these observations in a case where Basaveshwara Pattana Sahakara Bank Niyamitha (BPSBN), a cooperative bank of Shiralkoppa in Shivamogga district, lost ₹50.5 lakh from its current account maintained with a public sector bank after a BSNL official issued a duplicate SIM for a BPSB mobile number without express consent.

While dismissing BSNL’s petition challenging the Lok Adalat’s decision asking it to pay compensation of ₹5,000 to BPSBN, the court increased the compensation to ₹55,000,000, holding that BSNL owed a clear and non-negotiable duty of care to BPSBN as its subscriber to ensure that no duplicate BPSB SIM was issued.

OTP authentication

Referring to India’s rapidly deepening digital economy and the UPI ecosystem that processes more than a thousand million transactions per month, the court said digital transactions have a single critical dependency: the mobile number registered for OTP verification.

“If this dependency fails, as in the case of SIM swapping fraud, the entire security architecture is immediately bypassed,” the court noted.

The court further stated that “verifying the subscriber’s identity before issuing a duplicate or replacement SIM card is not a bureaucratic formality. It is a vital security measure on which the financial security of millions of bank account holders depends. Every telecommunications service provider must treat every request for a duplicate SIM card with the seriousness it deserves.”

The dispute arose out of fraudulent RTGS and NEFT transfers made between February 6 and 7, 2019 from the BPSBN account. BPSBN claimed that unknown persons obtained a duplicate SIM card associated with her registered mobile number from BSNL’s Bengaluru office, thereby gaining access to the OTP and making unauthorized transactions. The main allegation against BSNL was that the duplicate SIM was issued without proper verification or authorization.

However, BSNL claimed that the fraud arose out of complex crimes involving impersonation and internal errors at BPSBN and not from any deficiency in telecom services. BSNL also argued that issuing SIM cards falls within the statutory functions of telecommunications, but liability cannot arise where there is fraud by a third party. She also highlighted that OTP access alone was not enough to complete transactions as banking credentials remained confidential with BPSBN.

Vicariously liable

Rejecting BSNL’s argument that the matter was exclusively criminal in nature, the court observed that civil liability and criminal proceedings can co-exist while BSNL is vicariously liable for the negligence of its officials and the mere presence of an allegation such as cheating or impersonation does not deprive the dispute of its civil nature if the relief sought is compensation for financial loss.

Meanwhile, the court also said that banking institutions must also take proactive steps to protect their customers and themselves from SIM swapping scams.

Published – 05 Jun 2026 20:48 IST