KARACHI: The central bank on Thursday directed banks to improve digital fraud protection controls and processes by taking timely corrective and control measures, and warned that banks would be held liable for any loss of customer funds due to delays.
The directive given by the State Bank of Pakistan (SBP) is part of a major policy initiative to combat the threat of social engineering and other digital banking frauds.
“These new measures are part of wider SBP objective to enhance digital financial inclusion and promote digital financial services by creating and enhancing customer trust in the safety, security and soundness of the digital banking ecosystem,” the SBP said.
With the increasing adoption and usage of digital banking in Pakistan by a large number of financial services users, fraudsters have been taking advantage of a lack of awareness among customers. The SBP has been in constant consultation with the banking industry and other stakeholders to devise controls against sophisticated fraud techniques such as spoofing of banks’ official helpline numbers, SIM swap attacks, identity theft, false registrations, etc., as well as to focus on a consumer awareness programme by the SBP and banks.
It is worth noting that on April 14, 2023, the SBP rolled out a new and detailed set of guidelines on enhancing security of digital banking products and services. These guidelines set out a comprehensive control regime for banks to implement by December 31, 2023.
The new guidelines require Financial Institutions (FIs) to formulate a Digital Fraud Prevention Policy to protect their account holders and to ensure effective communication of such policy. Accordingly, they will design, review and continuously improve end-to-end processes of digital fraud risk management and customer complaint management in consultation with relevant stakeholders.
According to these guidelines, FIs will design their processes and applications in such a way that the chances of disclosure of customer information, in whole or in part, are eliminated or minimised. Importantly, FIs will realign their processes for fraud risk management and complaint management to ensure that disputes against fraudulent transactions are immediately raised in the Fraudulent Transaction Dispute Handling (FTDH) system.
These guidelines cover areas including governance and oversight of digital frauds, implementation of international standards, and fraud risk management solutions.
This comprehensive control regime will also cover transactional controls, such as reasonable and configurable limits to prevent, trace and stop fraudulent transactions; device registration; monitoring of fraudulent devices, accounts and transactions; incident-related controls, such as post-incident follow-ups and handling of disputed transactions; and protection of customer data and information, such as encryption.
In one of the major interventions to restrict fraudulently transferred funds from leaving the banking system, the SBP has directed banks offering branchless banking wallets to restrict cash-out, mobile top-up and/or other online purchases from incoming fund transfers for two hours.
A new liability shift framework is also part of these instructions, under which banks are required to compensate customers for delays on their part in taking timely remedial and control measures, such as delays in blocking digital channels, delays in raising dispute requests, etc.