Connect with us

Cybersecurity & Compliance

Rs 110–125 Crore NICSI Messaging Deal Under Govt Review Following Bogus Certification Allegations

Published

on

NEW DELHI: The government has initiated a review of documents submitted for a Rs 110–125 crore annual contract recently awarded by the National Informatics Centre Services Incorporated (NICSI) for SMS and messaging gateway services, following allegations that the winning vendor, OneXtel Ltd., may have submitted invalid or fraudulent certification.

Background of the Contract

In January 2026, OneXtel Ltd. was empaneled by NICSI to provide messaging services for central and state government departments, public sector undertakings, and autonomous bodies. The contract, initially spanning three years with a possible two-year extension, was expected to generate annual revenue of Rs 110–125 crore. Services under the contract include OTP-based authentication, transactional alerts, public awareness campaigns, emergency notifications, and Rich Communication Services (RCS).

NICSI, operating under the Ministry of Electronics and Information Technology (MeitY), manages government messaging infrastructure critical to large-scale citizen communication.

The Certification Controversy

The contract came under scrutiny after a whistleblower alleged that OneXtel submitted a CMMI Level 5 certification issued by UK Certification & Inspection Limited, a body not authorized by the CMMI Institute (now under ISACA) to grant such appraisals.

CMMI (Capability Maturity Model Integration) Level 5 is the highest maturity rating, indicating optimized and continuously improving processes, and serves as a key eligibility criterion for government tenders involving critical infrastructure. Only CMMI-authorized Lead Appraisers can issue valid certifications, which are publicly verifiable via the Published Appraisal Results System (PARS).

According to the complaint, neither OneXtel Ltd. nor the issuing body appears in the official CMMI partner registry or on PARS, raising questions about the certificate’s validity.

Official and Expert Insights

A senior bureaucrat, speaking on condition of anonymity, told The420.in that certifications like CMMI Level 5 are crucial for ensuring operational reliability, privacy protection, and legal compliance in government communications. Accepting an invalid certificate compromises procurement integrity, and agencies are expected to verify appraisals independently.

The officer likened reliance on unverifiable certifications to allowing someone with a fake driving license to operate a vehicle—posing legal and operational risks. Corrective actions in such cases can include disqualification, cancellation of empanelment, withholding purchase orders, or temporary debarment.

OneXtel’s Troubled Past

This probe follows previous regulatory action. In July 2024, the Department of Telecommunications (DoT) suspended OneXtel and another telemarketer, V-Con, for sending 55.5 million fraudulent or phishing SMSes to smartphone users. The suspensions followed complaints lodged on the Chakshu portal regarding malicious messaging practices.

Next Steps

The ongoing review focuses on verifying the authenticity of the CMMI certificate and assessing due diligence conducted during the empanelment process. If the allegations are substantiated, the findings could lead to contract reassessment and strengthen scrutiny of certification verification procedures in government procurement.

At the time of reporting, neither NICSI nor OneXtel Ltd. had issued an official statement regarding the complaint or the government review.

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Cybersecurity

AI-Driven Deepfake Fraud Poses Rising Threat to India’s Banking Sector, Experts Warn

Published

on

By

India’s banking and financial ecosystem is facing a rapidly evolving cyber threat as criminals increasingly deploy artificial intelligence (AI)-powered deepfake technology to carry out sophisticated fraud operations. Experts warn that synthetic voices, manipulated videos, and AI-generated identities are now being actively used to bypass security systems and deceive both institutions and customers.

Deepfakes Undermining Traditional Banking Verification Systems

Cybersecurity researchers report that deepfake-enabled fraud is becoming capable of defeating conventional authentication methods used by banks and financial service providers. These systems, which often rely on voice verification, facial recognition, or identity-based confirmation, are proving vulnerable to AI-generated replicas.

Criminal groups are now using advanced machine learning tools to create highly realistic imitations of individuals, including bank employees, relationship managers, and customers. These digital impersonations are being used to authorize fraudulent transactions, gain unauthorized account access, and manipulate real-time digital payment systems.

Experts warn that such attacks are not isolated incidents but part of a growing global trend that threatens the core trust infrastructure of digital banking.

Surge in Cyber Threat Volume and Malware Integration

Recent cybersecurity assessments indicate a sharp rise in AI-assisted cyberattacks over the past year. Between late 2024 and 2025, monitoring systems recorded hundreds of millions of threat detections, with alerts triggered every minute across financial networks.

A significant portion of these incidents involved malicious software such as Trojans and file-based infectors, often combined with social engineering tactics. These methods are increasingly being used alongside deepfake technology to enhance the credibility of fraudulent schemes.

Cybersecurity experts highlight that attackers are now combining stolen personal data with AI-generated content, making scams more convincing and harder to detect.

Experts Call for Stronger Behaviour-Based Security Systems

Security professionals are urging financial institutions to move beyond traditional password and OTP-based authentication methods. Instead, they recommend adopting advanced behavioural analytics and AI-driven monitoring systems capable of detecting unusual transaction patterns in real time.

Former Indian Police Service officer and cybercrime expert Prof. Triveni Singh emphasized that deepfake-driven fraud represents a fundamental shift in cybercrime methodology.

According to him, financial systems must evolve from static verification processes to dynamic, behaviour-based security frameworks that continuously assess risk during user activity.

He also stressed that cybercriminals are rapidly improving their techniques, making it essential for institutions to stay ahead through continuous technological upgrades.

Regulatory Pressure Under Data Protection Framework

The rise of AI-enabled fraud is also creating compliance challenges under India’s Digital Personal Data Protection (DPDP) Act, 2023, which mandates strict safeguards for handling personal data and securing digital transactions.

Banks and financial organisations face increased risks of regulatory penalties, reputational damage, and financial losses if they fail to prevent data breaches or fraudulent access attempts.

Experts believe that deepfake-based attacks are pushing regulators and institutions to rethink existing cybersecurity frameworks, as traditional compliance models may not be sufficient against AI-driven threats.

Growing Sophistication of Social Engineering Attacks

Security analysts note that deepfake technology is no longer experimental or limited to isolated cases. It has become a core tool in advanced social engineering campaigns targeting financial institutions.

Attackers typically gather personal information from data leaks, social media platforms, and public databases. This data is then used to create realistic fake identities, including voice clones and video impersonations, which are deployed to deceive victims into authorizing transactions or sharing sensitive information.

These methods are increasingly leading to large-scale financial losses and account takeovers.

India Strengthens Digital Defence Measures

India’s banking sector is currently upgrading its fraud detection and cybersecurity infrastructure in response to these emerging threats. Financial institutions are investing in AI-based monitoring tools, real-time transaction analysis systems, and multi-layer authentication mechanisms.

However, experts caution that technology alone may not be sufficient. They emphasize that cybercriminals are also evolving rapidly, creating a continuous arms race between attackers and defenders.

Global Rise of Deepfake Cybercrime

The issue is not limited to India. Around the world, governments, financial institutions, e-commerce platforms, and even public sector systems are increasingly being targeted by deepfake-enabled cybercrime.

Cybersecurity analysts describe this as a global digital security crisis, where AI is simultaneously enabling innovation and enabling new forms of fraud at an unprecedented scale.

Public Awareness Remains the Strongest Defence

Despite technological advancements, experts agree that user awareness remains a critical line of defence against deepfake scams. Individuals are advised to remain cautious of unsolicited calls, video messages, or banking instructions received through unofficial channels.

Authorities recommend verifying all financial requests directly with official bank communication channels before taking action.

As AI-generated content becomes increasingly indistinguishable from real media, experts warn that vigilance, verification, and digital literacy will play a key role in preventing financial fraud in the coming years.

Continue Reading

Cyber & Financial Fraud

Maldives Consul Hit By Credit Card Fraud During Flight, Authorities Examine Possible Data Breach Or Insider Role

Published

on

By

The Maldives Consulate is investigating a credit card fraud incident involving one of its officials while in transit, authorities confirmed on March 28, 2026. The case has prompted inquiries into whether the breach stemmed from a data leak or involved internal complicity.

The incident reportedly occurred during a flight, when the consul’s payment details were allegedly compromised. Officials have not yet disclosed the exact method of the fraud but are examining all potential vectors, including unauthorized access to travel-related systems or insider involvement.

Local and international law enforcement agencies are collaborating with the Maldives Ministry of Foreign Affairs and relevant banking institutions to determine the scope of the breach and mitigate potential financial damage. “We are conducting a thorough investigation to ensure accountability and prevent future incidents,” a spokesperson said.

Experts warn that such in-flight frauds, while rare, can exploit vulnerabilities in wireless payment systems, mobile banking apps, or compromised devices. Travel security protocols are being reviewed across diplomatic missions to strengthen protections against similar threats.

No arrests have been made, and the investigation is ongoing. Authorities have advised travelers and officials to remain vigilant about unusual activity on financial accounts and report any suspicious transactions immediately.

Continue Reading

Cybersecurity

Critical Google Chrome Zero-Day Vulnerabilities Put 3.5 Billion Users at Risk; Immediate Update Urged

Published

on

By

Google has issued an urgent security advisory for its Chrome browser after identifying two critical zero-day vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910. These flaws could allow hackers to exploit the browser before patches are widely applied, putting an estimated 3.5 billion users worldwide, including those in India, at potential risk.

Why Chrome Is a High-Value Target

As the world’s most widely used web browser, Chrome is a primary target for cybercriminals. Browsers act as the gateway to internet activities such as online banking, email, and web applications. Exploiting vulnerabilities at this level can enable attackers to steal sensitive information, hijack sessions, or deploy malware without the user’s knowledge.

A 2025 report by Omdia for Palo Alto Networks revealed that 95% of cyberattacks originate from employee devices, emphasizing the high-risk nature of browser-level vulnerabilities.

Expert Warnings on Zero-Day Exploits

Cybersecurity specialists have raised alarms that these zero-day flaws could be leveraged for session hijacking, phishing attacks, and bypassing multi-factor authentication, potentially compromising user accounts despite advanced security measures.

“Hackers increasingly focus on browsers as entry points,” said a cybersecurity analyst. “Exploiting these vulnerabilities provides direct access to sensitive data and session tokens, making prompt updates critical.”

Google’s Advisory and Immediate Actions

Google has released a security update that addresses both vulnerabilities and strongly urges all Chrome users to install the latest version immediately. The company has withheld detailed technical information to prevent misuse by malicious actors until most users have applied the patch.

Cybersecurity experts recommend the following precautions:

  • Update Chrome immediately to the latest version.
  • Enable automatic updates to receive future security patches promptly.
  • Avoid clicking suspicious links or attachments in emails or messages.
  • Monitor accounts regularly for unusual activity and report potential compromises.

Global Implications

The alert highlights the growing importance of browser security in a world increasingly reliant on digital services. Organizations and individuals are urged to adopt proactive measures, including regular updates and cautious online behavior, to mitigate risks associated with zero-day vulnerabilities.

Google continues to monitor the situation and has assured users that it is taking steps to maintain robust security across its platforms. Timely updates remain the most effective defense against these emerging cyber threats.

Continue Reading

Trending

Copyright © 2022 420 Reports Marijuana News & Information Website | Reefer News | Cannabis News