WhatsApp usernames face India’s fraud test

WhatsApp usernames protect phone numbers, but India wants answers on impersonation, fraud, and traceability before rollout.

WhatsApp usernames: Meta-owned WhatsApp has begun reserving usernames, a feature that will let users contact others without first sharing phone numbers. The appeal is clear. A phone number is no longer just a contact detail. It is tied to banking, identity checks, spam databases, delivery apps, work groups, and family networks. Giving it to a stranger can expose more than a user intends.

WhatsApp says usernames will not replace verified mobile numbers. The phone number will still sit behind the account. The username will become an additional identity layer, visible when a user chooses it. The company also says usernames will not be searchable. A person must know the exact username before making contact. An optional username key is meant to stop unknown users from reaching someone merely because they know the handle.


WhatsApp usernames and identity fraud

The Indian government is not objecting to privacy. It is asking what happens to traceability when millions of users begin talking through handles instead of numbers. MeitY has asked Meta to pause the rollout until consultations are held with the Ministry of Home Affairs and other messaging platforms. Meta has been asked to explain how the feature will work and what safeguards will stop abuse.

The question is not theoretical. India’s digital fraud problem has moved from stray phishing messages to organised operations that use messaging apps, fake identities, screen sharing, mule accounts, and social pressure. Fraudsters impersonate bank officials, police officers, courier firms, tax departments, relatives, employers, and customer-care agents. MHA’s cybercrime machinery now sits inside a system where financial fraud can move faster than police paperwork.

A phone number is a weak protection, but it is not useless. It points to a SIM, a telecom operator, and a KYC trail. Fraudsters can still use fake or mule SIMs, but law enforcement at least has a first thread to pull. A username lowers the visibility of that thread for the recipient. It may also make impersonation easier at the point where scams begin.


Digital fraud and lookalike usernames

Usernames are easy to imitate. A scammer does not need to copy a name exactly. Small changes can do enough damage. “StateBankIndia” and “StateBanklndia” may look identical to a hurried user on a phone screen. The second version replaces the upper-case “I” with a lower-case “l”. This is an old problem on X, Instagram, Telegram, and other platforms. Fake customer-care accounts have long used lookalike names to draw users into private conversations and extract OTPs, passwords, or remote-access permissions.

Messaging apps carry a different risk from public social media. Users tend to trust messages that arrive in a chat window more than posts seen in a public feed. A message from a handle that resembles an employer, a bank, or a government office can look more personal and more urgent. That is enough for many scams.

There is also a practical issue around who gets which username. Early registrants can claim desirable handles before individuals, small firms, local businesses, or civil society groups arrive. Meta says it has reserved high-profile names, including public figures, government entities, celebrities, and verified Meta accounts, along with lookalike derivatives. That still leaves ordinary users and unverified businesses exposed to confusion. Most fraud does not need to impersonate the finance minister or a famous company. It can work by imitating a local branch, a small employer, a coaching centre, or a familiar service provider.
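
The lookalike problem and the reservation of "lookalike derivatives" described above can both be checked mechanically when a handle is registered. The sketch below is an added example, not WhatsApp's or Meta's code: it reduces each handle to a "skeleton" by folding case, separators and a small constructed set of confusable characters, then compares it against a constructed list of protected handles. Only the StateBankIndia pair comes from the article; the other handles, the character map and the separator rule are assumptions.

```python
import unicodedata

# Constructed, deliberately small confusable map (an assumption for this
# example); a production check would load the full Unicode confusables
# data described in UTS #39.
CONFUSABLES = {
    "l": "i", "1": "i", "|": "i",      # lower-case L, digit one, pipe
    "0": "o", "5": "s",
    "\u0430": "a", "\u0435": "e",      # Cyrillic a, e
    "\u043e": "o", "\u0440": "p", "\u0441": "c",  # Cyrillic o, r, s
}
SEQUENCES = {"rn": "m", "vv": "w"}     # multi-character lookalikes
SEPARATORS = "._-"                     # assumed to be visually ignorable

def skeleton(handle):
    """Reduce a handle to the form a hurried reader effectively sees."""
    s = unicodedata.normalize("NFKC", handle).casefold()
    s = "".join(CONFUSABLES.get(ch, ch) for ch in s if ch not in SEPARATORS)
    for seq, repl in SEQUENCES.items():
        s = s.replace(seq, repl)
    return s

def check_handle(candidate, protected):
    """Classify candidate as 'exact', 'lookalike' or 'clear'."""
    index = {skeleton(p): p for p in protected}
    match = index.get(skeleton(candidate))
    if match is None:
        return ("clear", None)
    return ("exact" if candidate == match else "lookalike", match)

# Constructed sample data: the first handle is the article's example,
# the second is hypothetical.
PROTECTED = ["StateBankIndia", "MumbaiCourier"]

if __name__ == "__main__":
    for name in ["StateBanklndia", "state_bank.1ndia", "St\u0430teBankIndia",
                 "Murnbaicourier", "StateBankIndia", "RiverBank"]:
        print(name, check_handle(name, PROTECTED))
```

The same skeleton comparison works for a local branch or a small employer as for a national bank, provided the protected list includes them.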


MeitY’s pause on WhatsApp usernames

The government’s pause is defensible if it is used narrowly. India should not turn every app update into a licensing event. It should ask harder questions when a feature changes identity, discovery, and contact flows on a platform used by hundreds of millions of Indians.

WhatsApp is no longer just a messaging service in India. It is used for business communication, school groups, resident welfare associations, political mobilisation, customer service, and payments. NPCI removed the onboarding cap for WhatsApp Pay at the end of 2024, allowing the platform to extend UPI services across its Indian user base. That makes identity design on WhatsApp a payments-adjacent issue, even when the new feature is formally about messaging.

Meta’s safeguards are useful, but they shift much of the burden to the recipient. WhatsApp plans to show signals when a first message arrives, including whether the sender is new, whether there are common groups, whether the sender is already in the contact list, and whether the message appears to come from another country. Such labels can help careful users. They may not help the elderly, new internet users, or people under pressure from a fraudster posing as police, a bank, or an employer.

WhatsApp privacy needs stronger verification

The better answer is not to abandon usernames. Phone-number privacy is a legitimate user concern. Women, journalists, small business owners, gig workers, doctors, teachers, and public-facing professionals often have to share numbers far beyond their trusted circles. A username can reduce unwanted exposure.

But privacy cannot mean weaker identity controls. Meta should explain how it will reserve names for non-verified businesses, banks, hospitals, schools, public offices, and local service providers. It should show how fast impersonation complaints will be handled, how repeat offenders will be blocked, and what account records will remain available under lawful requests. It should make high-risk first messages harder to miss, not merely label them for users to interpret.

India’s consultation should end in specific safeguards, not a vague freeze. WhatsApp should be allowed to improve phone-number privacy only if the platform does not ask the weakest user to carry the full cost of verifying a stranger.
