‘Massive security loophole’: Mumbai man claims his FASTag was deactivated after transporter driver activated another

A Mumbai man has alleged a major security loophole in the FASTag system after his exing FASTag was deactivated and replaced with a new one, allegedly activated a transporter’s driver without his consent.Rushil urged NPCI and FASTag authorities to make OTP verification mandatory. (AI-generated representational image)The claim was made X user Rushil, who said the incident occurred while his car was being transported from Mumbai to Delhi. “FASTag has a MASSIVE security loophole & nobody is talking about it,” he wrote on X.In his post, Rushil claimed that the transporter’s driver was able to activate a new FASTag linked to the vehicle using his own mobile number and details. “No OTP. No owner authorization. No consent from the actual vehicle owner,” he wrote.He claimed the driver casually asked whether there was balance in the FASTag before taking the vehicle for transport. The next morning, he received a message from ICICI Bank informing him that a new FASTag had been activated on his vehicle and that his exing FASTag would be deactivated under the “One Vehicle One FASTag” policy. “Within minutes, it was blackled/deactivated,” he wrote.Rushil alleged that after several calls with customer support, he found that the new FASTag had been issued through Airtel Payments Bank. He later checked the Airtel Thanks app and claimed the FASTag had allegedly been regered using the transporter driver’s details.The user further alleged that despite being the vehicle owner, he could not get the FASTag closed because customer support informed him that only the person who activated it could request deactivation. “The actual vehicle owner has ZERO control over the FASTag – but the person who fraudulently activated it does,” he wrote.He also criticised the NHAI helpline, alleging there was no emergency block system or fraud-handling mechanism available for such cases. “No owner protection mechanism,” he wrote.Calling it a “massive security vulnerability,” Rushil urged National Payments Corporation of India (NPCI) and FASTag authorities to make OTP verification mandatory before any FASTag-related changes are approved. “At the very least, mandate OTP verification from the regered vehicle owner before ANY FASTag change is approved,” he wrote.“Pathetic support, zero accountability, and absolutely no protection for the actual vehicle owner while someone else fraudulently took control of the FASTag,” Rushil concluded.(Also Read:




