Financial Crime World

State Bank Enhances Control Measures to Protect Customers from Digital Banking Frauds

In a significant move aimed at combating digital banking frauds, the State Bank of Pakistan (SBP) has issued new guidelines for commercial banks and Microfinance Banks to improve their digital fraud protection controls and processes. This initiative is part of the SBP’s broader objective to enhance digital financial inclusion and promote digital financial services by creating and enhancing customer trust in the safety, security, and soundness of the digital banking ecosystem.

Background

As the adoption and usage of digital banking in Pakistan continue to rise, scammers have been taking advantage of customers’ lack of awareness. The SBP has been working closely with the banking industry and other stakeholders to devise controls against sophisticated fraud techniques such as spoofing of banks’ official hotline numbers, SIM swap attacks, identity theft, false registrations, etc.

New Guidelines

On April 14, 2023, the SBP rolled out a new set of guidelines on enhancing the security of digital banking products and services. These guidelines require Financial Institutions (FIs) to implement by December 31, 2023. The key requirements include:

Digital Fraud Prevention Policies

  • FIs must formulate digital fraud prevention policies to protect their account holders
  • Effective communication of such policy to customers is also required

End-to-End Processes

  • Design, review, and continuously improve end-to-end processes of digital fraud risk management and customer complaint management in consultation with relevant stakeholders
  • Minimize the disclosure of customer information

Transactional Controls

  • Reasonable and configurable limits to prevent, trace, and stop fraudulent transactions
  • Device registration, monitoring of fraudulent devices, accounts, transactions, and incident-related controls

Major Interventions

  • Restrict cash-out, mobile top-up, or other online purchases from incoming fund transfers for two hours
  • New liability shift framework where banks are required to compensate customers due to delays in taking timely remedial and control measures

The circular issued by the SBP can be accessed at: https://www.sbp.org.pk/bprd/2023/C4-Annex.pdf