Muhammad Luqman

LAHORE, Nov 05 (INP-Wealth Pakistan) – Increasing incidents of digital fraud are posing a serious obstacle to Pakistan’s aspiration to become a cashless economy, reports Wealth Pakistan. Currently, the digital infrastructure of the State Bank of Pakistan (SBP), commercial banks, and other financial institutions supports 226 million bank accounts and 46 million RAAST IDs nationwide.

The government aims to fully digitize its payment systems by next year. However, the banking community believes that despite substantial investment in digital transformation, the growing cybercrime incidents pose a major challenge to consumer trust and the financial system’s stability.

According to the recent Global State of Scams Report 2025, digital fraud is estimated to cost Pakistan’s economy around $9.3 billion annually. “When customers lose money or fear digital channels, they revert to cash, ultimately eroding trust. This slows the adoption of mobile banking and digital wallets,” said Nazish Ali, Chief Executive Officer of Apna Microfinance Bank.

In an interview with Wealth Pakistan, he said the most common cybercrime techniques used in Pakistan’s banking sector include phishing, smishing, and vishing, which trick the customers into revealing their credentials and one-time passwords (OTPs) through deceptive emails, SMS messages, and phone calls.

Fraudsters also use SIM-swapping to hijack OTPs and gain access to bank accounts. ATM and debit card skimming remains another threat, enabling criminals to clone cards and steal data from terminals. Hackers exploit vulnerabilities such as weak input validation, exposed admin portals, broken authentication systems, and insecure third-party integrations to execute unauthorized transactions.

“Along with targeting customers, scammers attack banks' trusted systems and transfer funds to mule accounts from where they withdraw cash through ATMs,” Ali added. On the defensive side, Pakistan’s regulatory framework is relatively strong. The SBP has issued security guidelines for banking applications, mandated incident reporting protocols, and strengthened security controls. The Pakistan Banks Association and 1LINK also run awareness campaigns.

“Despite these measures, gaps persist—particularly in customer awareness, telecom security, third-party risk management, and monitoring systems,” Ali cautioned. Cybersecurity specialists agree that enforcement remains weak. Pakistan’s cybercrime units often lack expertise and staffing, creating room for fraudsters to operate. “Hackers breach the banking systems in Pakistan by exploiting technical vulnerabilities, human errors, and regulatory loopholes,” said Attique Ahmad, a Lahore-based cybersecurity consultant.

The fear of fraud is one of the main reasons many merchants and consumers still prefer cash, he added. He noted that many banks continue to operate outdated core banking platforms and APIs lacking modern encryption, making them susceptible to interception and hacking. Internal breaches also pose a danger, with cases of employees selling customer data on the dark web.

Cybercriminals have also developed fake apps, mimicking services like JazzCash, Easypaisa, and other mobile banking platforms to steal user credentials, posing a significant risk to branchless banking. “Combating digital fraud requires joint action from the SBP, banks, financial institutions, and consumers,” Ahmad emphasized.

Credit: INP-WealthPk