KARACHI: The State Bank has warned banks that they would be held responsible for lost account holder funds if they failed to take preventive measures to combat social engineering and other digital banking frauds on time.
“Banks are required to compensate the customers due to delay on their part in taking timely remedial and control measures such as delay in blocking digital channels, delay in raising dispute requests, etc.,” the central bank said in a statement on Thursday.
The number of complaints against fraud, particularly about digital transactions, has been increasing fast, as reflected in a banking ombudsman’s report.
The State Bank of Pakistan (SBP) has now directed commercial banks and microfinance banks to improve their digital fraud protection controls and processes to combat social engineering and other digital banking frauds.
It warned that banks would be held responsible for the loss of any customer funds due to delays on their part in taking timely remedial and control preventive measures.
“These new measures are part of wider SBP objective to enhance digital financial inclusion and promote digital financial services by creating and enhancing customer trust in the safety, security and soundness of the digital banking ecosystem,” it said.
“With the increasing adoption and usage of digital banking in Pakistan by a large number of financial services users, fraudsters have been taking advantage of the lack of awareness among customers,” it said.
The SBP said it had been in constant consultation with the banking industry and other stakeholders to devise controls against sophisticated fraud techniques such as spoofing of banks’ official helpline numbers, SIM swap attacks, identity theft, false registrations, etc. as well as focusing on consumer awareness programme by SBP and banks.
The SBP rolled out a new and detailed set of guidelines for enhancing the security of digital banking products and services.
“These guidelines set out a comprehensive control regime for banks to implement by December 31, 2023,” it said.
The new guidelines restrict financial institutions from formulating a digital fraud prevention policy to protect their account holders and ensure effective communication of such policy.
Accordingly, they will design, review and continuously improve end-to-end processes of digital fraud risk management and customer complaint management in consultation with relevant stakeholders.
In one of the major interventions to restrict fraudulently transferred funds from leaving the banking system, the SBP has directed banks offering branchless banking wallets to restrict cash-out, mobile top-up and or other online purchases from incoming fund transfers for two hours, the central bank said.
Published in Dawn, May 19th, 2023
Dear visitor, the comments section is undergoing an overhaul and will return soon.