Despite an increasing reliance on Information and Communication Technologies (ICT) platforms, cyber Space in Pakistan remains ungoverned and unguarded poses a multitude of challenges for its citizens.
Pakistan’s lack of data protection laws and incoherent cybercrime policy have resulted in gangs of scammers preying on the digital illiteracy of the masses.
A large number of Pakistanis are falling prey to digital loan sharks. Anyone who keeps an eye on the Play Store, or even watches something on YouTube, knows about this trend in Pakistan.Scores of apps are currently operating in Pakistan, luring average folks with instant credit, obviously with misleading terms.Most of the apps featuring Google Play Pakistan’s top 100 finance apps are instant credit apps, with the majority were offering loans in the local rupee and the top eight alone had estimated downloads of 15.4 million since their launch. Many are not even registered entities. Promising low interests, they lure users to borrow, often even disbursing the amounts without their confirmation. However, a sizable chunk of the amount is actually deducted at source, between 21pc and 38pc depending on the app, in the name of service and/or processing charges. That’s for 30-90 day periods by the way, sometimes even less.
Unregulated loan apps which are targeting the financially illiterate population by using excessive advertising over social media. People looking for instant loans are first asked to download an aggregator app.
The app seeks access to the user’s photo gallery and phone contact list. While the loan is sanctioned immediately, the applicant gets seven days to repay. However, they levy huge interest and processing charges.Then begins a systematic harassment of the customer for loan recovery. Morphed photographs of the defaulters and their family members are also circulated by the Loan App companies, accusing them of being cheats. In June 23, a man from Rawalpindi committed suicide after he was allegedly blackmailed by the operators of an online loan giving app.
Many unlicensed and illegal nano-lenders have cropped up on social media without any approval from the Securities and Commission of Pakistan (SECP).
This is both exploitation and deception of the finest order, while the regulator the Securities and Exchange Commission of Pakistan is completely missing in action. SECP is responsible for non-banking finance companies, but it has not initiated any probes into such illegal loan sharks operating in Pakistan.
The lack of concern for the financial wellbeing of citizens is the reason for the authorities’ indifference, and meanwhile sharks continue to prey on simple folks. Why are Pakistani authorities unable to put an end to this menace?
In Pakistan it is not uncommon for people to receive calls from individuals pretending to be bank employees over the past few years, and sometimes the callers even pretend to be calling from the State Bank of Pakistan (SBP). Scam callers are able to convincingly present themselves as bank employees, by providing personal details of their targets, begs the question: where are these criminals getting this information from?
One of the major scams in Pakistan, a banking loan scam worth over Rs 400 million, later revealed the involvement of the employees of the National Bank of Pakistan (NBP) in leaking, selling and dealing with data and criminals who operate these scams.
Last year it came to light that a gang in Gujranwala would pose as courier company staff and ask for thumbprints from the receivers of courier deliveries. The criminals would then reproduce the thumbprints on a special paper that could be used to activate a cellular phone SIM on that person’s name.They would then use the SIM to activate the banking app and withdraw money.
Online financial frauds, identity theft and phishing of information are rampant in Pakistan and most ordinary computer users are unable to detect foul play. The alarming increase in cybercrimes in the country can be gauged from the fact that the number of complaints the Federal Investigation Agency (FIA) got on a monthly basis has doubled in just four years.
Data theft and misuse is a systemic and deeply entrenched issue within digital banking in Pakistan. A gang of petty criminals in Punjab who were carrying out small-scale phone banking scams now operate as an organised ring. The criminals are based in cities in Punjab such as Sargodha, Jhang, Chiniot, Pindi Bhattian, Hafizabad, Gujrat, Chichawatna, Layyah and Sheikhupura.
Pakistan has experienced an increase in the usage of digital banking, but financial literacy still remains low. As a result, users of digital banking remain susceptible to volunteering their details to scammers if threatened or manipulated in a convincing way.
Common people are susceptible to falling for these scams because many of them receive a call from the bank UAN, which they instinctively trust. The criminals are able to do this by using ‘soft SIMs’ which have physical or hardware parts and rely on software. In Pakistan, soft SIMs are also used to scam vulnerable people into giving up their ATM pins.
Pakistan is at an increased risk of falling prey to online cyber scams due to a poor cybercrime policy, as well as a weak cyber security network. In the Global Security Index published by the International Telecommunication Union, which measures a country’s commitment to addressing cyber security issues, Pakistan was ranked 79 out of 182 countries.
Government websites, such as those of the Federal Board of Revenue (FBR) and vehicle registration departments, openly display people’s personal data. In 2021, FIA officials stated that Nadra’s data had been compromised, yet few have been held accountable.
Given the Federal Investigation Agency’s (FIA) total inability towards handling issues related to cybersecurity, Pakistan has now created the National Cyber Crime Investigation Agency (NCCIA) as a separate entity from the FIA to tackle the rising wave of cyber crime in the country. Creation of the NCCIA to replace the FIA’s cybercrime wing has only resulted in an overlap of responsibilities, leading to bureaucratic inefficiencies and confusion. It seems that the cybercrime officers of FIA have continued with the NCCIA. As it turns out, existing personnel will continue with their duties for a year until staff is appointed at the NCCIA.
Be it the FIA or the NCCIA, neither agency has the technical skills to trace cyber criminals, particularly those that use soft SIMS.
Despite having laws in place, the current system for dealing with cybercrime in Pakistan remains inefficient. Moreover, addressing cyber crimes often requires cooperation and coordination between various law enforcement agencies, a factor that has always been a challenge within Pakistan. Agencies within Pakistan do not collaborate with each other to battle cybercrime; the private sector agencies and other governmental and telecommunication forums work completely independently.
