SubscriberWrites: India’s fascination with the phone number derails privacy, opens up owner to scams
YourTurn

SubscriberWrites: India’s fascination with the phone number derails privacy, opens up owner to scams

Phone number is personal, ubiquitous, and readily accessible. But the same attributes that make a phone number so powerful make it vulnerable, writes Dr Anoop Agarwal.

   
Commuters watch videos on their mobile phones as they travel in a suburban train in Mumbai | Representational image | Reuters

Commuters watch videos on their mobile phones as they travel in a suburban train in Mumbai | Representational image | Reuters

Thank you dear subscribers, we are overwhelmed with your response.

Your Turn is a unique section from ThePrint featuring points of view from its subscribers. If you are a subscriber, have a point of view, please send it to us. If not, do subscribe here: https://theprint.in/subscribe/

Indian businesses drool over your mobile phone number. Nothing else, just the phone number. Each of you must have had at least one transaction where sharing your phone number was an obligatory step. Using a phone app, web transaction, store purchase, insurance inquiry or for just about anything, a personal mobile phone number is often the starting point.

Online commercial organizations (e-com) need to establish a form of communication with their customers to share order details, login information etc. An email-based system used to work fine, but now the default is a phone number. Businesses that collect both email and phone numbers often use the phone number as the gatekeeper for online transactions. Sharing phone numbers to e-com invites unsolicited ‘confirmation’ calls, marketing spam, feedback and potential for data theft if the online portal is not secure enough. An unsolicited phone call is intrusive to a person’s work, more so if the work involves direct human interaction or operating critical machinery. The penalty for not attending a confirmation or delivery call may lead to delay or cancellation of the transaction. My guess is you wouldn’t want your attending doctor or an on-site civil engineer to engage in a phone call directing a courier agent how to reach their address.

Brick-and-mortar (B&M) stores are taking this a few notches up. It is almost a standard practice for B&M stores to ask for your phone number for purchases as basic as a pack of gums or a chocolate bar. An informed Indian resident seems to keep a spare number just for this purpose or simply “share your boss’s number”, as someone suggested on a social media network. The stores picked up the flaw in their otherwise master plan and now demand an OTP (one-time password) to complete the transaction. It often follows customer registration to their portal without the customer’s consent. Next time, walk into any store in a mall from where you made a purchase previously. There’s a good chance you are one of their registered customer enrolled in a reward program that you don’t even know about. One may wonder why B&M stores need to do all this. Two apparent answers come to my mind. The first is to bypass DND (do-not-disturb) and bombard their customers with unsolicited calls or texts. Such business practices in India have essentially killed SMS as a means of personal communication. Second, to have a data repository which they can monetize later. One can only imagine that anyone buying such personal data is unlikely to use it for altruistic purposes.

Government enterprises and banking sectors need to authenticate their customers for obvious reasons. Here too, the personal phone number is the gatekeeper. Nothing moves without it. Losing your phone number can be akin to losing your identity. Try to make adjustments to official documents like Aadhar, PAN, bank account etc., or access government-issued documents without a phone-based authentication. I am not suggesting that official documents should be available without authentication. Instead, the authentication process should not be held hostage to a meagre phone number.

Phone number is personal, ubiquitous, and readily accessible. Yet, the same attributes that make a phone number so powerful make it vulnerable. It does not seem right that the same phone number used to access someone’s government information is stored in an unsecured portal of a company selling t-shirts. A cloned sim card or a compromised phone number can impose a significant security breach on an individual’s privacy, finances, and personal identity.

E-com or phone apps should restrict themselves from collecting customers’ phone numbers. Customers should be able to choose between an email or a phone number as their preferred mode of communication. Any e-com or phone app that stores phone numbers should comply with the same level of data security as credit cards. B&M stores should not be allowed to collect customers’ phone numbers barring very few exceptions. A customer should have a legal right not to share his/her phone number, and customer registration without consent should have legal ramifications, just as in other social norms where consent is integral. Government or banking organizations may expand their authentication algorithm to make it more inclusive. A multi-dimension authentication which includes verticals like phone numbers, email, personal questionnaires, fingerprint or facial recognition etc., will make transactions more flexible yet secure. 

And I hope there will be a day when I can finish a three-hour surgery without getting interrupted by an unsolicited call.

These pieces are being published as they have been received – they have not been edited/fact-checked by ThePrint.