AS Pakistan moves steadily towards digital banking and mobile-based financial services, convenience has become the defining feature of everyday transactions. This transformation has also exposed citizens to a growing form of financial crime: SIM swap fraud. In several reported cases, individuals have abruptly lost mobile network access, only to discover hours later that substantial sums have been transferred out of their bank accounts. Such incidents raise a pressing question; who bears the legal responsibility for these losses: the customer, the bank or the telecommunication operator?

SIM swap fraud typically occurs when a fraudster succeeds in obtaining a duplicate SIM card issued in the victim’s name. Once the original SIM is deacti-vated, the criminal gains control of one-time passwords (OTPs) and banking alerts. This enables unauthorised transactions to be completed swiftly, often before the victim becomes aware of the breach.

At first glance, responsibility appears diffused. Banks frequently point out that transactions were authenticated through OTP verification, implying that the system functioned as designed. Telecommunication operators maintain that SIM reissuance follows biometric verification protocols mandated by regulators. If both safeguards are well in place, how then do such frauds continue to occur?

The answer may lie in systemic weak-nesses rather than individual negligence. Customers undoubtedly have obligations: safeguarding personal information, exercising caution in sharing identity documents, and promptly reporting suspicious activity. However, it is un-realistic to expect an ordinary bank user to anticipate sophisticated schemes that may involve identity misuse, compromised retail outlets, or internal collusion. When a SIM is reissued without the genuine subscriber’s knowledge, the customer is placed at a structural disadvantage.

Telecommunication operators form a critical link in this chain. SIM issuance and reissuance are subject to biometric verification requirements intended to prevent identity abuse. If duplicate SIMs are issued without strict compliance, it raises concerns regarding oversight, internal controls, and accountability of franchise operators. Weak enforcement mechanisms or gaps in verification pro- cedures can directly facilitate financial harm.

Banks, too, operate under a duty of care. Modern financial institutions employ risk-based monitoring systems designed to detect unusual transaction patterns, rapid fund transfers, or device changes. Where large sums are transferred within a short span without triggering effective intervention, questions inevitably arise about the robustness of fraud detection frameworks.

Comparative practice offers useful guidance. In several jurisdictions, consumer protection frameworks recognise that digital banking systems are controlled and designed by institutions, not customers. Where unauthorised transactions are promptly reported, the burden often shifts to the financial institutions to demonstrate customer negligence. This reflects a broader principle: liability should cor-respond with control over the system.

Pakistan’s cybercrime and banking regulations criminalise unauthorised access and electronic fraud. However, criminalisation alone does not resolve the question of civil liability or compensation. Clearer regulatory standards may be required to determine responsibility where institutional safeguards fail. Coordination among banking regulators, telecommuni-cation authorities, and investigative agencies is essential to establish predictable accountability mechanisms.

Beyond individual cases, the broader concern is the erosion of digital trust. Pakistan’s policy direction increasingly emphasises financial inclusion and digital payments. Such ambitions depend upon public confidence.

If citizens perceive that losses arising from technological vulnerabilities will leave them entangled in prolonged disputes over liability, adoption of digital platforms may slow down. The issue, therefore, is not merely about assigning blame, but about strengthening accountability.

Waqar Ali Mahar
Karachi

Published in Dawn, May 4th, 2026