Security Issue : Details in Client Master Report / CMR

I am planning to close my trading account with a online platform and move the holdings to Zerodha. The old platform has asked for the CMR of Zerodha to facilitate transfer.

While I am aware that this is a standard process followed by the industry, the details captured therein are enough for most criminals to get thru the most confidential databases be it banks, other brokerages, ESIC details etc. and initiate fraudulent transactions.

It is staggering that such sensitive information is printed on a piece of paper and is expected to be physically shared between depositories without any data security norms in place - all this when the only scrap of information required is the client ID!

Should this process not be changed ???

Yep, agree.

@Venu.Madhav @siva can we check and post if there is any other way to do this?

I am about to initiate the process for closure of one of my depository accounts - should I hold off for a while if there is an alternative that you guys can come up with? Am ok waiting for a few weeks if it helps keeps my confidential data, confidential :slight_smile:

Here’s an extract from CDSL’s operating instructions that specifies the process of initiating a closure-cum-transfer:


Accordingly, a copy of the CMR of your new demat has to be presented to the DP where you are closing your account. A DP essentially will have to verify the name of the beneficial owner, the PAN to ascertain that the holder is the same and the account number to initiate the transfer.

While I understand the privacy concerns, the regulations were probably set a few years back when data privacy laws were non-existent. For now, you could speak to the DP where you are submitting our CMR if they would be alright if you blacked out all the other fields barring the ones mentioned above needed for verification.

We’ll take this up with the depository ourselves, however, it would be effective if this concern was raised directly by the investor. I suggest you send them an email on giving necessary feedback.


I will be doing this. Unfortunately, like most online shops these days which make onboarding easy, leaving the service is usually tiresome requiring multiple visits to far off inconveniently located offices. Lets see if they accept it - every visit takes up time and money.

I was hoping that if there are no clear regulations as to the contents of the CMR, if I could be provided with the bare minimum, plus maybe a little more innocuous information.

@nithin, as a thought leader in this industry, is this a worthy enough cause for you to champion?

As I’ve said earlier, we’ll definitely take this up with the depositories.

Look forward to an update, whenever CDSL decides to take the time to respond.