KARACHI, (UrduPoint / Pakistan Point News - 18th May, 2023 ):The State Bank of Pakistan, on Thursday, directed commercial and microfinance banks to improve their digital fraud protection controls and processes in order to prevent the customers from financial loss.

The central bank in the major policy directive aimed at combating social engineering and other digital banking frauds also warned all banks that they shall be held responsible for the loss of any customer funds due to delay on their part in taking timely remedial and preventive measures.

According to a statement issued here, the new measures were part of SBP's wider objective to enhance digital financial inclusion and promote digital financial services by creating and enhancing customer trust in the safety, security and soundness of the digital banking ecosystem.

The new guidelines required financial institutions (FIs) to formulate Digital Fraud Prevention Policy to protect their account holders and ensure effective communication of such policy.

The guidelines cover areas including governance and oversight of digital frauds, implementation of international standards and, fraud risk management solutions.

In one of the major interventions to restrict fraudulently transferred funds from leaving the banking system, SBP has directed banks offering branchless banking wallets to restrict cash-out, mobile top-up and or other online purchases from incoming fund transfers for two (2) hours.

Accordingly, the FIs would design, review and continuously improve end-to-end processes of digital fraud risk management and customer complaint management in consultation with relevant stakeholders, the statement added.

With the increasing adoption and usage of digital banking in Pakistan by a large number of financial services users, fraudsters have been taking advantage of lack of awareness among customers.

SBP had consulted with the banking industry and other stakeholders to devise controls against sophisticated fraud techniques including spoofing of banks' official helpline numbers, SIM swap attacks, identity theft and false registrations.

The central bank on April 14, 2023, rolled out a new and detailed set of guidelines on enhancing security of digital banking products and services through a comprehensive control regime that would be implemented by banks by December 31, 2023.

According to these guidelines, process and application of FIs would be designed to eliminate or minimise chances of disclosure of customer information while their processes for fraud risk management and complaint management would also be realigned to ensure that the disputes against the fraudulent transactions are immediately raised in Fraudulent Transaction Dispute Handling (FTDH) system.

The SBP spokesperson informed that the comprehensive control regime would also cover transactional controls such as reasonable and configurable limits to prevent, trace and stop fraudulent transactions.

Device registration, monitoring of fraudulent devices, accounts, transactions and incident-related controls such as post-incident follow-ups, handling of disputed transactions, protection of customer data and information such as encryption were also part of new measures.

A new liability shift framework is also part of these instructions, where banks are required to compensate the customers due to delay on their part in taking timely remedial and control measures such as delay in blocking digital channels, delay in raising dispute requests.