The State Bank of Pakistan (SBP) has issued new directives to banks and microfinance banks (MFBs) to bolster the security of financial transactions conducted through mobile apps and internet banking portals. The central bank has mandated the replacement of one-time passwords (OTPs) sent via SMS with Transaction PIN (TPIN) or Financial PIN (FPIN) functionality by January 1, 2025.
In a circular released earlier today, SBP also instructed banks to provide free-of-cost transaction alerts via push notifications, in-app notifications, and email alerts instead of SMS. These changes aim to enhance customer convenience and reduce dependency on SMS-based authentication, which has been increasingly targeted by fraudsters.
Notifications to be Enabled Permanently
The SBP emphasized that banks and MFBs must ensure that in-app and push notifications on mobile banking apps remain permanently enabled. Additionally, financial institutions are required to maintain comprehensive logs of transaction alerts and provide these logs in case of disputes or claims.
“The Banks/MFBs shall ensure that in-app/push notifications on mobile apps of their customers shall always remain enabled. Further, Banks/MFBs shall maintain complete logs of transaction notifications sent to their customers and make them available in case of disputes or claims,” the circular stated.
Standardized Notifications and Customer Protection
The SBP has provided standardized templates for transaction notifications in an attached Annexure A, superseding earlier instructions issued in PSD Circular No. 3 of May 9, 2018. The regulator has also reiterated that banks/MFBs will be held liable for compensating customers in case of fraud or unauthorized transactions under the liability framework outlined in BPRD Circular No. 04 of 2023.
Effective Date
The updated guidelines will take effect from January 1, 2025, giving financial institutions sufficient time to comply with the new security and notification protocols.
This move reflects SBP’s ongoing efforts to enhance cybersecurity and protect consumers amid the evolving digital banking landscape.