India’s Department of Telecommunications has confirmed that its AI-driven facial recognition system, ASTR, has now disconnected more than five crore fraudulent mobile connections, wiping out roughly 3.7 per cent of the world’s second-largest telecom network in what officials call the largest coordinated telecom integrity enforcement effort undertaken by any government. Announced at a DoT security conference in Hyderabad, the milestone also credits the department’s Financial Fraud Risk Indicator with intercepting ₹1,800 crore in cyber fraud. But the scale of the underlying technology, a facial database spanning 1.34 billion subscriber photographs, has begun drawing as much scrutiny as praise.
How a Face Becomes a Fraud Flag
ASTR, short for Artificial Intelligence and Facial Recognition powered Solution for Telecom SIM Subscriber Verification, was developed by the Centre for Development of Telematics between 2021 and its full-scale rollout. The system uses convolutional neural networks, the same deep learning architecture behind smartphone face unlock, to convert every subscriber photograph into a numerical embedding and compare it against every other face in the national database.
Two faces are flagged as belonging to the same person only when their similarity crosses a 97.5 per cent threshold, a deliberately high bar meant to filter out casual resemblance across India’s varied population. Since Indian law caps individuals at nine SIM connections under a single identity document, ASTR specifically hunts for faces appearing on more than nine registration records, a pattern investigators say has previously exposed fraud rings registering between 1,000 and 2,000 SIM cards using visually similar faces to slip past older, manual verification checks. Running such comparisons across 1.34 billion images required India’s Param-Siddhi supercomputing facility, with the system able to search a crore of images and return matches in under 10 seconds.
A Wider Enforcement Ecosystem
ASTR operates alongside three other modules under the DoT’s Sanchar Saathi platform. TAFCOP lets any subscriber check how many SIMs are registered against their identity and had independently facilitated 2.75 crore disconnections by December 2025. CEIR blocks lost or stolen handsets nationwide via their IMEI number, while Chakshu crowdsources fraud reports directly from citizens, having logged 7.7 lakh reported fraud communications as of February 2026. Together with the Financial Fraud Risk Indicator, which shares real-time risk scores with more than 1,000 banks and payment operators, these tools form what officials describe as an upstream defence, intercepting fraudulent SIMs before they are ever used in a scam call, rather than reacting after a victim has already lost money.
The Same Database, a Different Purpose
The concern raised by digital rights groups is not that ASTR fails at fraud detection, but that its underlying capability extends well beyond it. C-DoT’s own documentation confirms ASTR has already been used for criminal identification by law enforcement and, following the 2023 Balasore train accident, to identify roughly 165 unidentified bodies, demonstrating that the same facial-matching engine can be repurposed for entirely different state functions.
That dual-use potential collided with public concern in December 2025, when the DoT briefly mandated pre-installation of the Sanchar Saathi app on every smartphone sold in India. The Internet Freedom Foundation warned the directive risked turning every device into a vessel for software users could not meaningfully refuse or remove, and digital rights commentators cautioned that the app’s access to call records raised surveillance concerns disproportionate to its stated fraud-prevention purpose. The DoT withdrew the mandatory order within days, with Communications Minister Jyotiraditya Scindia stating that snooping was neither possible nor intended.
Weighing the System Against India’s Privacy Test
The Supreme Court’s 2017 Puttaswamy judgment established privacy as a fundamental right under Article 21, requiring any state action affecting personal data to satisfy tests of legality, necessity and proportionality. Critics argue that ASTR’s governance currently rests on executive department guidelines rather than a specific parliamentary statute defining and constraining its scope, leaving the boundary between fraud prevention and broader surveillance use dependent on administrative discretion rather than codified law.
For now, the fraud-prevention results are measurable and substantial, and regulators in other high-subscriber markets have reportedly taken note of India’s structural approach. Whether the system’s expanding capabilities remain confined to the purpose they were built for will likely depend on how rigorously India applies its own constitutional test to each new use the database is put to.
