PTBP Web Desk

The State Bank of Pakistan (SBP) has introduced new guidelines for banks and microfinance banks (MFBs). These directives aim to enhance customer notification systems and improve transaction security across mobile banking apps. Scheduled to take effect on January 1, 2025, the new measures address growing concerns about fraudulent activities in the digital banking landscape.

The rise in digital banking products and services has accelerated Pakistan’s transition toward a more digitized financial ecosystem. As customer reliance on digital platforms increases, so do the risks of fraudulent transactions. To address these challenges, SBP has developed comprehensive control measures, enabling financial institutions to secure digital banking channels.

The recently announced guidelines include several key changes to improve transaction security and customer communication. Banks and MFBs that have implemented the earlier security measures issued by SBP are now authorized to replace One-Time Passwords (OTP) delivered via SMS with Transaction PINs (TPIN) or Financial PINs (FPIN) for financial transactions made through banking apps or internet portals.

In addition, financial institutions must provide free transactional alerts through push notifications, in-app notifications, and email alerts for transactions conducted via mobile banking apps. This change eliminates reliance on SMS notifications, which are increasingly vulnerable to fraud.

To ensure uninterrupted service, SBP has mandated that push and in-app notifications on mobile apps remain enabled at all times. Furthermore, banks and MFBs are required to maintain comprehensive logs of transaction notifications. These records will be crucial in resolving disputes or claims involving unauthorized transactions or fraud.

SBP’s new directives emphasize customer-centric measures to safeguard users’ financial data and funds. Banks and MFBs must follow specific templates for transactional notifications, superseding earlier instructions outlined in PSD Circular No. 3 issued on May 9, 2018.

Moreover, under the liability framework specified in BPRD Circular No. 04 of 2023, financial institutions are now fully accountable for compensating customers affected by fraud or unauthorized transactions conducted through mobile apps.

SMS-based fraud remains a persistent issue globally, with cybercriminals exploiting vulnerabilities in traditional SMS notification systems. By transitioning to TPIN/FPIN-based authentication and modern notification systems, SBP aims to mitigate these risks while providing a seamless user experience.

Banking experts believe this transformation will significantly strengthen the digital banking security framework in Pakistan. The move also aligns with global best practices, offering customers greater protection against unauthorized access and fraud.

Banks and MFBs play a critical role in ensuring the successful implementation of these guidelines. Their responsibilities include:

• Ensuring Secure Transactions: Replacing OTPs with TPIN/FPIN functionality enhances user verification during financial transactions.
• Providing Free Notifications: Push and in-app notifications will deliver instant updates to customers about their transactions, fostering trust and transparency.
• Maintaining Logs: Keeping detailed logs of all transaction alerts will enable institutions to address disputes efficiently.

By adhering to these measures, financial institutions will not only meet regulatory requirements but also enhance customer confidence in digital banking services.

Financial institutions have until January 2025 to align their systems with SBP’s new guidelines. This includes upgrading mobile banking apps, integrating TPIN/FPIN functionality, and establishing robust mechanisms for free transaction alerts.

While these changes require significant investment in technology and infrastructure, the benefits are substantial. Customers will enjoy a more secure banking environment, while banks will be better equipped to prevent fraud and unauthorized access.

The introduction of these guidelines marks a pivotal moment in Pakistan’s journey toward secure digital transformation. By addressing vulnerabilities in traditional notification systems and enhancing transaction security, SBP is setting a benchmark for financial institutions to follow.

As the deadline for compliance approaches, banks and MFBs must prioritize customer security and work collaboratively to create a safer, more reliable digital banking ecosystem.