India asks WhatsApp to pause username feature rollout over fraud concerns

News imageGetty Images In this photo illustration the logo of WhatsApp is displayed on a smartphone screen.Getty Images
With more than 850 million users, India is WhatApp's biggest market

India has asked WhatsApp to pause the rollout of a new feature that would let users chat using unique usernames, saying it could increase online fraud and phishing scams.

The feature - which will let people chat without revealing their phone numbers - is expected to be rolled out to WhatsApp's three billion global users over the next few months.

In a notice, the government asked WhatsApp to explain why action shouldn't be taken against it under Indian law "for launching a feature that may increase cybercrimes".

In a statement, WhatsApp said that the feature is not yet live and that it has built in safeguards, including reserving high-profile usernames and ways to detect impersonation and scams.

With more than 850 million users, India is the biggest market for WhatsApp, owned by Mark Zuckerberg-led Meta.

The move is the latest in a series of steps by Indian authorities to scrutinise how global technology companies design and operate their products in the country.

The notice, sent on Wednesday by India's Ministry of Electronics and Information Technology, said it had taken note of WhatsApp's announcement this week allowing users to reserve unique usernames and, once fully introduced, contact other users by exchanging usernames instead of sharing their phone numbers.

The ministry said it believed the feature "may materially increase the incidence of online fraud, phishing, digital arrest scams and impersonation attacks" by allowing criminals to contact potential victims without disclosing their phone numbers.

It also warned that the feature could "facilitate impersonation and identity spoofing", including of individuals, government authorities, financial institutions and public agencies, by permitting usernames that closely resemble genuine ones.

The notice - a copy of which the BBC has seen - also asked the company "not to roll out this feature until the consultation on this point is achieved to the satisfaction of the government".

The notice cites provisions of India's Information Technology Act and the country's technology rules governing intermediary due diligence, identity theft and impersonation offences.

Cybercrimes and digital fraud are a big concern in India, where millions use digital platforms and payment options every day but often without enough awareness of online safety.

Nearly 102,000 cybercrime cases were registered in 2024, the latest year for which federal data has been published, up by 18% from the previous year. Nearly three-quarters of those cases involved online fraud.

A Meta spokesperson said the company only planned to roll out the feature in phases later this year.

"To protect against impersonation, we have held the highest-profile names - think public figures, government entities, celebrities, verified Meta accounts - so they can only ever be claimed by their legitimate owners and lookalike derivatives of known names are held as well," said the spokesperson.

The company said users would still need a phone number to create a WhatsApp account and that it had built multiple safeguards into the feature as "layers of defence against scams".

"Other users need to know the exact username to message you, we will limit how many new people an account can contact, block repeated attempts to guess someone's username key, and have systems to detect and remove activity showing common impersonation and abuse patterns," the spokesperson said.

It also said recipients would be shown information about first-time contacts, including whether they were a new account, already in their contacts, shared common groups or were based in another country, to help them decide whether to respond.

The Internet Freedom Foundation, a digital rights organisation, has criticised the government's notice, saying it had "no clear basis in law".

In a statement, the organisation argued that the notice amounted to an attempt by the government to decide what software features a company could launch, even though the laws cited by the ministry did not give it that power.

"The power to require prior permission for a feature is not in the [Information Technology] Act, not in the Rules, and cannot be created by a notice," it said.

The notice is the latest in a series of changes or announcements by India aimed at increasing oversight of global technology companies.

In February, the government amended its rules to require social media platforms to remove unlawful content within three hours of being notified, replacing the previous 36-hour deadline.

Last month, authorities also temporarily banned Telegram during the retest of a national medical entrance examination.

The government argued that features such as username-based interactions and concealed phone numbers created challenges for law enforcement, a position the platform unsuccessfully challenged in court.

Follow BBC News India on Instagram, YouTube,Twitter and Facebook.