Received some CVL KRA message

Received this message earlier today:

This Zerodha article says that I need to click on the link if I get this message but how can I be sure this is not just some phishing attempt. I see lots of people on Twitter wondering the same thing:

Mahesh :india: on Twitter: “Folk are getting sms from “CVL” to click on a link and verify mobile How can anyone know if clicking on such links will not compromise their phone.” / Twitter

This is some new thing, so even if it’s genuine, there should have been some proper communication from the authorities that so & so message will be received & one needs to verify. @ShubhS9, haven’t yet clicked on this. What would happen if I don’t? Can account possibly get deactivated or something?

Has anyone on this forum received this as well?

1 Like

I received and actioned based upon that z article

1 Like

Even i received it

I also got one, but only SMS no email.

I got too, only sms. Have not done anything yet. Looked suspicious, really brain dead way to work from these guys. There was no context for this, no warning and i did not initiate it. Only people who fall for phishing would click on the link. To send genuine stuff in this manner is very unprofessional.

1 Like

+1 looked really suspicious & also that text msg came in post-midnight…

Recently, the Securities and Exchange Board of India (SEBI) issued guidelines to the KYC Registration Agency (KRA) to validate the client details of those who are onboarded for trading at the securities market. The purpose of this move is to prevent any illegal transactions at the root level and establish a robust KYC process at the industry level.

Following this, CVLKRA, one of the KRA has started validating KYC details by sending an email and SMS to clients as they are instructed to carry out the validation independently. To validate your KYC details, you can visit -

CVL KRA Circular for reference:

Today, every account, while onboarded, must be KYC verified before the client can trade. Since this wasn’t the practice for earlier onboarded clients, KRA has been instructed to revalidate.


W.r.t to the SMS and email templates, yes, we understand this might look suspicious, especially for a client new to KYC terms. We have passed the feedback to KRA to adopt better mechanisms to handle this.

For your reference, the email and SMS details are provided in this link: Why did the KYC Registration Agency (KRA) send an email and SMS informing about KYC details validation?. As a precaution, please ensure that you do the necessary sanity checks before clicking on any links.


I have only received SMS. Should I manually verify KYC because I didnt get an e-mail or wait till I receive one? Thanks Boss.

Search in the e-mail, I searched and found an e-mail dated many days back so was burred under other emails. You might have received one, It was a little bit of hassle but just manually check you might find the email. Then just click on the link and it says email validated or something.


Have the same query, @Alwin. Have clicked on the mobile link but didn’t receive any email…

I went ahead & tried to do it manually. On the KYC, my city is Delhi, but on the Aadhar, it’s South West Delhi. And there’s a matching score after this, which gave me 0 just because of this minor discrepancy.

Similar issue with my actual address. Then because there are two matching scores in red, at the bottom, it says: “The Matching Score in 1 or more fields did not meet the required score. The KYC may not get validated.”
Seeing this, I backed out for now.

This whole thing is such a mess. First the random links without any prior communication. Then the validation not possibly getting accepted because of some flimsy reason.

If I have to do it manually, should I go ahead or not?

Update: Found the email sent more than 3 weeks back. Point still stands though…

1 Like

Ever since KYC started, i think i have had some KYC event once or twice every year. Not saying KYC is bad, but it could have been done better …

I went through it as well through link in Z support article. Was simple enough and in the end i got lucky that my address matched enough to get score of 51.5. KYC address had more details than aadhar. Validation was successful.

Thanks, that helped. I had actually checked all emails for the last week previously, but this had come more than 3 weeks back.

Yeah, some banks have started doing it annually as well. But it’s much better managed…

so i searched my mailbox found the mail burried deep under over 2 wks back…

But before that I tried to manually verify KYC using that link

PAN, mobile & email adresss fields were fine - finished OTP for both email + phone). But when it led me to that aadhar number screen, i got cold feet… didn’t complete the online aadhar OTP verification.

Then went back to that text msg on cell phone, clicked on link & lo! phone number validated successfully.
Repeated with email by clicking on the link in mail & mail address validated successfully. Was as simple as that- just click the links in the text msg/ email. But yeah, horrendous process of communicating & getting things done.
There is zero communication & anyone in their right mind will think its a phishing link.

Here’s what happened with me wrt HSBC… They started mailing me from June 2022 asking to do re-kyc. Gentle, polite mails. Gave 3 options to complete the process - . But that was the time I had zero time for anything in life & I was super-stressed. They gave me 90 days to complete the process.

They self-extended the deadline to 5 Jan 23 in October 2022.

They again extended the deadline to 6 March 23 in January 2023.

Guess what? They reached out to me in end of January saying: “to enable a seamless KYC refresh and basis our communication earlier to leverage KYC details available on the Central KYC Registry, we find that the Identity, Address and PAN information held in our records match with that held in the Central KYC Registry (CKYCR).”

My point is: can’t all banks follow this process? Just cross-check with Central KYC Registry. If there are no changes & if everything matches, don’t force customers to submit kyc every year…


Email and SMS both redirect you to the same page. So it’s advised to complete the verification process as instructed via email or SMS

If you have an account with Zerodha, you can complete the rekyc and update your address. This changes the address on KRA too. Once done, you can come back and validate the KYC. This will take up to 5+ days.


They don’t. I just got a short one line message screen saying successfully validated after clicking respective links.

Here’s what happened:

In India Financial regulatory body is very strict!

Not only this, it affects in several sectors including broking,banking etc…,

But at the end, it is that much strict because of naive Indians & as well as cunning business & examples of scandals on history of India!

I don’t even know if this KYC thing is even that important or not…

I’ve an old bank account with Indian Bank, don’t really use it much. The past two years, they have been sending a message saying I need to do the KYC by visiting the branch. When I phoned the branch, they said it’s just a formality message sent to everybody, and the account won’t get suspended or anything if I don’t do it. I feel it’s the same with this broker KYC thing as well. Lot of people haven’t bothered with this, and a few even deleted the message thinking it’s spam.

Guess that’s why you decided to become a monk…

@Alwin Still my old mobile number is reflected in CVLKRA but in Zerodha my updated number is shown what can be done?

Hi Gagan, this will get updated if you have already done rekyc, might take a couple more days. Do let us know if this does not update by end of this week. And if you have not done your rekyc, please do it and this will get updated.