Govt Issues Cyber Alert to Combat Rising KYC Scams
ISLAMABAD: The federal government has issued a cyber alert to combat rising KYC scams across the country, especially in vulnerable sectors such as banking, internet and telecommunication.
KYC scams in Pakistan involve fraudsters posing as representatives of banks or financial institutions, tricking individuals into sharing personal and financial information under the guise of “Know Your Customer” (KYC) updates. These scams often occur via phone calls, SMS, or emails, where victims are asked to provide sensitive details such as CNIC numbers, bank account credentials, or OTPs. Once obtained, this information is used for unauthorized transactions or identity theft.
The government and financial authorities have repeatedly issued warnings, urging the public to avoid sharing personal data and to verify communication sources to protect against such cyber threats. However, the country continues to witness a surge in such cases, prompting the Cabinet Division to issue a detailed advisory for the general public.
The advisory, titled “Strengthening KYC Processes for Cybersecurity Compliance and Threat Mitigation” (Advisory No. 20), points out vulnerabilities in the API services offered by Critical Information Infrastructure (CII) sectors. It underscores the shared responsibility of both API providers and their clients in maintaining robust cybersecurity measures.
Govt guidelines against KYC Scams
The advisory outlines key guidelines to enhance KYC processes and cybersecurity compliance, focusing on secure client verification, data protection, and proactive threat mitigation. The main points include:
Mandatory Client Verification:
Clients must be verified using official identity documents and secure digital systems, such as biometric authentication and real-time facial recognition technologies.
Enhanced Measures for High-Risk Users:
High-risk users, including those with frequent international traffic or high data usage, must undergo regular re-verification and enhanced due diligence.
Data Protection Requirements:
Encryption of client data.
Restricted access through multi-factor authentication.
Continuous monitoring of user behavior to identify and flag suspicious activities.
Collaboration for Threat Detection:
The advisory emphasizes working with cyber threat intelligence sources to identify and address emerging threats like phishing and malware attacks.
Recommended Security Measures:
Conducting employee and client awareness programs.
Implementing robust incident response plans.
Carrying out regular third-party security audits.
Privacy and Trust Building:
Transparency in data collection, consent-based processes, and limiting data collection to the minimum required are highlighted as essential for maintaining customer trust and complying with privacy regulations.
The advisory stresses the importance of enforcing strict KYC policies to address national security concerns, ensuring that internet services cannot be accessed anonymously and potentially misused for cyberattacks or disinformation campaigns. It also recommends working closely with the Pakistan Telecommunication Authority (PTA) to implement lawful internet shutdowns or monitoring during security threats, with a strong emphasis on maintaining transparency throughout the process.