As deepfake technology becomes more advanced, India is tightening security rules for crypto users.
In a recent update issued on the 8th of January, the Financial Intelligence Unit (FIU) announced that traditional ID-based verification is no longer enough.
From the 12th of January, crypto investors in India will have to undergo much stricter checks.
Details of the FUI’s guidelines
Instead of just uploading an ID, users will need to prove they are physically present and real.
This includes live selfie checks where users must perform actions like blinking, along with biometric verification.
Crypto exchanges will also be required to collect exact location details, such as latitude and longitude, IP addresses, and complete a “penny-drop” bank verification to confirm that the user’s identity and bank account match.
Remarking on the same, Nischal Shetty, Founder, WazirX, in an email sent to AMBCrypto, said,
“Steps like penny drop method, ID verification through selfies, etc were steps WazirX already had in place as part of the customer onboarding journey.”
By combining biometric checks with location tracking, authorities are creating a digital trail that is extremely hard to fake.
Steps taken to prevent money laundering
Then, to comply with the Prevention of Money Laundering Act (PMLA), the FIU has also introduced a strict three-level compliance system.
Nearly three years after the first set of rules in 2023, these updates effectively turn crypto exchanges into closely monitored reporting entities.
While a user’s PAN card remains mandatory, it must now be supported by another government ID such as Aadhaar, a passport, or a Voter ID.
The key addition is the “live selfie” requirement, where users must perform actions like blinking or turning their head to prove they are a real person and not an AI-generated deepfake.
Echoing similar sentiments in the same email, Raj Karkara, COO, ZebPay, added,
“Measures such as liveness detection and geo-tagging during the onboarding process help strengthen user verification, improve transparency, and ensure greater accountability across platforms, aligning the industry with evolving global compliance expectations.”
How will ICO move ahead now?
Authorities have also increased scrutiny on Initial Coin Offerings (ICOs) and now classify them as high-risk activities.
To ensure a clear audit trail, the report reinforces the “Travel Rule.”
Every crypto transfer must now include sender and recipient details, making cross-border anonymity far more difficult.
The report also stresses long-term compliance and warns of serious penalties for lapses.
Meanwhile, Virtual Digital Asset Service Providers (VDASPs) must conduct ongoing due diligence, including KYC updates every six months for high-risk clients.
They must also screen users in real time against domestic and global sanctions lists.
Lastly, exchanges must store all transaction and identity records for at least five years.
These steps follow the FIU imposing ₹28 crore in fines last fiscal year, signaling the government’s intent to crack down on digital arrest scams and hawala-style crypto transactions.
What’s more?
The timing of this update coincided with Economic Affairs Secretary Ajay Seth noting that as other major jurisdictions soften their stances on digital assets, India must likewise recalibrate its long-delayed discussion paper.
He had noted,
“More than one or two jurisdictions have changed their stance towards cryptocurrency in terms of the usage, their acceptance, where do they see the importance of crypto assets.”
Thus, by implementing some of the most stringent onboarding and reporting standards globally, India is attempting to secure its own borders without waiting for an elusive global consensus.
Final Thoughts
- By mandating live selfies, geo-tagging, and penny-drop checks, authorities are closing long-standing loopholes exploited by deepfakes and anonymous wallets.
- Long-term success will depend on how securely exchanges handle vast amounts of sensitive user data.
