India AI Impact Summit Insights
All sessions

Guarding the Consumer: AI for Safety, Resilience, and Protection

Contents

Executive Summary

This panel discussion examines the paradox of financial inclusion in India: while AI and digital technologies have enabled unprecedented financial access (900 million+ UPI subscribers, 80% adult account ownership), they have simultaneously created a massive attack surface for fraud. With 30,000 crores in annual financial fraud losses and 75% of Indians encountering scams, the panel argues that consumer protection must shift from placing accountability on individuals to embedding safety into products and platforms, requiring coordinated action across technology, regulation, behavioral science, and policy.

Key Takeaways

  1. Shift accountability from consumer to institution: Regulations, products, and platforms must be designed with built-in redress and protection. Asking consumers to "know your scammer" is a failed strategy; instead, systems should be "invisible and just work" (Shamina Singh).

  2. Create scalable behavioral public goods: Government and large platforms should publish behavioral intervention frameworks (nudges, pre-bunking, lifecycle triggers) as shareable APIs/stacks so smaller organizations can deploy effective protections without reinventing them individually.

  3. Coordinate across silos: Fraud crosses WhatsApp, telecom, banking, and e-commerce platforms. Regulatory bodies (RBI, DOT, SEBI, MHA) and private firms must establish shared data, case tracking, and redress mechanisms to prevent fraudsters from exploiting fragmentation.

  4. Design for behavioral resilience + technology defense: Neither education nor technology alone suffices. Combine network-level detection (Airtel model), product-level redress (Mastercard model), and behavioral nudges (Nir's framework) in an integrated lifecycle approach.

  5. Prioritize data sovereignty without sacrificing opportunity: Keep critical government datasets on Indian infrastructure; simultaneously enable responsible data-sharing with international partners for tourism, travel, and economic growth. Compete on a "race to the top" (integrity, transparency, protection), not a "race to the bottom" (lax oversight).

Key Topics Covered

  • Scale of Financial Fraud in India: 30,000 crores annually (~₹6 lakh fraud per minute); 48 billion dollars globally; 75% of Indians encounter spam/fraud
  • Role of AI in Amplifying Fraud: Deepfakes, voice cloning, automated targeting, reduced marginal cost of deception
  • Positive AI Applications in Financial Inclusion: Account access, data-driven products, hockey-stick growth in formal economy participation
  • Telecom & Network-Level Interventions: Real-time spam detection, fraud link blocking, OTP-on-call warnings, business name display
  • Regulatory & Policy Gaps: Regulations exist on paper but lack enforcement; multi-stakeholder coordination challenges
  • Behavioral Science & Resilience: Pre-bunking, inoculation, nudges, intention-action gap bridging; difference between exposure and vulnerability
  • Consumer Trust & Redress Systems: Built-in fraud redress (like payment card chargeback), transparency, privacy, and protection principles
  • Data Sovereignty & Security: Risk of foreign-owned infrastructure hosting critical Indian data; need for Indian-operated cloud service providers
  • Ecosystem Fragmentation: Fraudsters operate across silos (WhatsApp → calls → banking), but regulation and private sector responses remain siloed
  • Business Case for Protection: Customer loyalty, brand trust, ARPU stability, long-term retention vs. short-term cost-benefit

Key Points & Insights

  1. AI has weaponized fraud at industrial scale: The sophistication and speed of scams has increased exponentially due to AI-enabled deepfakes, voice cloning, and automated targeting. What was once a manual crime is now an industry-scale operation. Fraudsters in Myanmar/Cambodia operate industrial complexes, not small shops.

  2. The margin cost of deception has fallen to near-zero: AI reduces the cost of sustained, personalized deception over weeks or months, enabling mass targeting with customization previously impossible at manual scale.

  3. Regulation lags technology; technology must lead: Pavan Bakshi noted the paradigm shift from "regulation → technology" to "technology leads → regulation follows." Companies must proactively design for safety rather than waiting for regulatory mandates.

  4. Consumer protection cannot be consumer responsibility: Multiple panelists (Shamina Singh, Pavan Bakshi) emphasized the dangerous shift of accountability to users. The onus must be on institutions to design "defensive by design" products with built-in redress (like Mastercard's fraud chargeback systems).

  5. Multi-channel, temporal fraud requires ecosystem coordination: Fraudsters traverse WhatsApp → phone calls → banking over weeks/months, crossing regulatory silos. No single platform or regulator can solve this alone; fragmented responses are insufficient.

  6. Behavioral resilience ≠ education alone: Nir Bhatnager distinguished between exposure (risk of encountering fraud) and vulnerability (susceptibility to it). Awareness training loses efficacy within six months. Effective interventions include pre-bunking, inoculation, nudges, and lifecycle-based behavioral design—not just training.

  7. Telecom operators have proven effective first-line defense: Airtel's 70% reduction in fraud losses (flagging 71 billion calls, 3 billion SMS) demonstrates that network-level interventions (real-time spam detection, fraud link blocking, OTP-on-call pause) can scale without consumer cost or data privacy invasion.

  8. Data-driven interventions should target behavior traits, not personal identity: Airtel's approach uses 250+ parameters (SIM swap, device swap, location verification, call patterns) to detect scammer behavior without identifying individuals—protecting privacy while preventing fraud.

  9. Behavioral public goods are needed: The ecosystem lacks a shared, scalable framework for behavioral interventions. Creating an API/stack model (analogous to India Stack for digital payments) would allow smaller organizations without behavioral science teams to deploy effective protections.

  10. Trust is the ultimate business case: Airtel's rebranding to "the safe network" and customer loyalty gains demonstrate that consumer protection isn't CSR overhead—it's a driver of brand trust, retention, and competitive advantage. Mastercard's 160 billion fraudulent transaction blocks (2024) represent existential risk mitigation, not cost burden.

Notable Quotes or Statements

  • Kunal Wala (Dalberg): "Six lakhs of frauds happening per minute" — illustrating the scale of India's fraud problem.

  • Shamina Singh (Mastercard): "The onus is on the consumer and that's not fair... if you are defrauded, you get your money back. The redress system is built into the product." — Arguing accountability must rest with institutions, not users.

  • Shamina Singh: "If you're not operating in that space where you are invisible and you're the process just works then that's the place we need AI to be." — On the goal of frictionless, background security.

  • Pavan Bakshi (Gates Foundation): "We need to change that and we need to be equally responsible as the consumer is... we didn't know this was going to happen. We are with you in solving this." — On shifting from blame-shifting to joint responsibility.

  • Shwa Singh (Airtel): "Scam or frauds are not isolated to one platform... till the time the entire ecosystem players they don't come together the whole problem of fraud... can't be solved in silos." — Highlighting fragmentation as a core vulnerability.

  • Nir Bhatnager (Atlas): "Resilience is the difference between exposure and vulnerability... two people have the same exposure to fraud but are differently vulnerable." — Defining behavioral resilience precisely.

  • Nir Bhatnager: "We need to create a behavioral public good, right? Almost like an API or a stack which then can scale such insight into all parts of the ecosystem." — Advocating for shared frameworks (India Stack model for behavior).

  • Shamina Singh (on data sovereignty vs. opportunity): "I believe in the sovereignty, but I also believe in the economic opportunity... we compete on financial inclusion... we don't compete for a race to the bottom." — Balancing security with growth.

Speakers & Organizations Mentioned

SpeakerRole/Organization
Kunal WalaPartner, Dalberg (moderator)
Shamina SinghFounder & President, Mastercard Center for Inclusive Growth
Pavan BakshiLead, Inclusive Financial Systems, Gates Foundation India
Shwa SinghHead, Strategy & Regulatory Policy, Bharti Airtel
Nir BhatnagerFounder, Atlas (behavior change tech platform)

Government & Regulatory Bodies Mentioned:

  • RBI (Reserve Bank of India)
  • SEBI (Securities & Exchange Board of India)
  • DOT (Department of Telecommunications)
  • MHA (Ministry of Home Affairs) / I4C (nodal scam agency)
  • TRI (Telecom Regulatory Authority of India)

Other Organizations/Reports:

  • Mastercard (2024: 160 billion fraudulent transactions blocked)
  • Consumers International (regulation study across 8 countries)
  • Global Anti-Scam Alliance (GSA) Report
  • GSM Editus Report

Technical Concepts & Resources

AI & Fraud Technologies

  • Deepfakes & Voice Cloning: Enabling personalized scams at scale; AI reduces marginal cost of deception to near-zero
  • Automated Targeting: AI enables scammers to assess contextual knowledge, language, financial background, and persuasion tactics automatically

Detection & Intervention Technologies

  • Real-time Spam Detection (Airtel, Sept 2024): Voice + SMS caller flagging during live calls
  • Fraud Link Detection (Airtel, May 2024): Blocking malicious URLs before they open on network, regardless of delivery channel (SMS, WhatsApp, Telegram, Instagram)
  • OTP-on-Call Intervention (Airtel, Jan 2025): Pause/verification step when banking OTP arrives during a phone call to combat stress/duress scams
  • Business Name Display: Caller identification showing company name for promotional calls (reduces impersonation risk)
  • 250+ Behavioral Parameters: SIM swap history (30 days), device swap, location verification, unique call patterns, call-to-receive ratios

Behavioral Science Framework

  • Resilience Definition: Difference between exposure (risk encounter) and vulnerability (susceptibility)
  • Pre-bunking & Inoculation: Early exposure to scam narratives to build resistance
  • Intention-Action Gap Bridging: Interventions to convert awareness into action
  • Nudges & Lifecycle Triggers: Behavioral cues at critical transaction moments
  • Training Efficacy Decay: Awareness training loses impact within 6 months (requires reinforcement)

Policy & Governance Concepts

  • Authorized Payment Push Fraud: Victims willingly transfer funds due to behavioral manipulation (emerging in Singapore, UK where tech/regulation is strong)
  • Know Your Customer (KYC)Know Your Agent (KYA): Extending consumer protection principles to AI agents
  • Data Sovereignty: Critical datasets must reside on Indian-owned, Indian-operated cloud service providers (CSPs)
  • Behavioral Public Good / API Stack: Shared, scalable framework for fraud prevention (analogous to India Stack for digital payments)

Datasets & Metrics

  • India's Digital Fraud Scale:
    • 30,000 crores (~$3.6 billion) annually
    • ₹6 lakhs (~$7,200) per minute
    • 75% of Indians encounter spam/fraud yearly
    • 119 average scam encounters per individual (multi-platform)
  • Global Fraud: $1.3 trillion lost; 48 billion from India
  • Mastercard 2024: 160 billion fraudulent transactions stopped
  • Airtel 2024–2025: 71 billion calls flagged; 3 billion SMS blocked; 70% reduction in fraud losses for Airtel customers

Regulatory/Institutional Frameworks Referenced

  • India Stack (digital payments/DPI infrastructure)
  • UPI (900 million+ users; trillions of rupees daily)
  • India's DPI Case Study (referenced globally for financial inclusion)
  • Account Aggregator (data exchange infrastructure)

Limitations & Open Questions

The panel did not extensively address:

  • Victim restitution mechanisms: Who pays for fraud recovery? (Mastercard has chargebacks, but many fintechs/smaller platforms lack this)
  • Cross-border fraud prosecution: How do regulators coordinate internationally?
  • Quantifying behavioral intervention effectiveness: Cost-benefit of pre-bunking, nudges, etc. at scale
  • Liability assignment: When does responsibility fall on platform vs. user vs. regulator?
  • AI-specific regulation timeline: How quickly can rules adapt to new AI fraud vectors?

End of Summary