5G in India demands urgent acceleration in Zero Trust security

By Rajesh Chhabra

The widespread rollout of 5G in India marks a significant milestone, with the potential to deliver ultra-low latency, high bandwidth, and empower next-generation applications, ranging from connected cars to smart factories. But as 5G creates a highway for innovation, it also expands the threat surface for cyber fraud. With more devices, identities, and transactions clustering on high-speed networks, the perimeter-based security model is no longer effective. The new normal requires a revolution in security strategy based on Zero Trust.

Zero Trust architecture reverses the security paradigm from ‘trust and verify’ to ‘never trust, always verify’. Zero Trust does not presume that anything, be it a user, a device, or an application, is secure by default. It demands constant authentication, behavioural verification, and real-time threat intelligence. With 5G eliminating geospatial and technical limitations for enterprises, Indian enterprises need to adopt Zero Trust to create scalable, secure, and future-proof digital infrastructure.

Adding Next-Gen Identity and Security Layer

One of the strongest pillars supporting this shift is SIM-level security. With 5G unlocking features such as eSIM and network slicing, telcos are best positioned to take on a larger identity verification role. Associating a SIM with a device and user, and combining that verification with payment and authentication systems, can shut down some of the attack vectors, such as SIM-swap fraud or spoofed KYC accounts. Indian telcos have started implementing SWx Diameter-based protocols for SIM authentication, but complete ecosystem integration is ongoing.

Biometric authentication, mainstream in India with Aadhaar-based services, is another essential layer. Yet, with biometric information being utilised for remote onboarding and ongoing verification, fraudsters are adapting as well, with spoofing attacks, synthetic identities, and deepfakes as actual realities. This necessitates sophisticated biometric methods, such as liveness detection and multimodal verification, that fuse fingerprint, facial recognition, and voiceprint, complemented by behavioural analysis.

Behavioural biometrics is becoming a quiet yet strong deterrent to fraud. In contrast to traditional authentication based on what you have (device) or know (password), behavioural biometrics identifies how you behave—such as typing cadence, touchscreen patterns, mouse movement, or even gait. Indian payment and fintech platforms are starting to incorporate these passive indicators into their fraud risk engines. Integrated with AI, these patterns provide real-time notifications when user activity strays from the norm, enabling pre-emptive fraud prevention.

Driving Innovation Through Cyber Startups

The question is, how prepared are India’s telcos and payment systems to welcome this change? While platforms such as UPI and FASTag have achieved a global scale, cybersecurity tends to lag. Two-factor authentication is ubiquitous, but more advanced fraud detection solutions—such as session replay analysis, device fingerprinting, and transaction-level risk scoring—are still not the norm. Regulators such as NPCI and TRAI have laid down guidelines, but enforcement and adoption continue to be patchy.

Notably, India’s startup culture is filling the gap. A new generation of cybersecurity startups is creating the middleware, APIs, and AI engines needed to implement Zero Trust in practical environments. SIMSecure is one firm that creates APIs connecting SIM data to banking platforms, while behavioural biometrics firms like BioSense provide SDKs that can be integrated into apps for ongoing monitoring. At the same time, solutions like RiskLayer combine signals from telcos, banks, and devices into real-time fraud scores, enabling businesses to make instant decisions.

Such startups introduce agility, innovation, and bottom-up knowledge of the Indian digital ecosystem. They are better positioned than traditional vendors to address the dynamic requirements of fintechs, e-commerce companies, and telcos. More importantly, they are India’s chance to develop cybersecurity solutions that are not merely home-market relevant but globally competitive.

Achieving Unified National Risk Framework

To future-proof against 5G-era fraud, organisations must integrate SIM-level trust, biometric-based authentication, and behavioural intelligence into a comprehensive risk management platform. They need to establish active collaboration among telco, fintech, cybersecurity, and vendor regulators to develop a shared security mesh. This involves investing in Zero Trust, implementing real-time verification at all touchpoints, and fostering the local cybersecurity innovation community.

5G will reshape the way we work, pay, and connect—but it will also reshape the way fraudsters work. The silver lining is that India possesses the talent, technology, and policy impetus to be at the forefront of security. Now is when we need speed. Because in the speed vs. security race, only the ones who go fast and act smart will succeed.

The author is the General Manager for India & South Asia at Acronis.