A major financial fraud has surfaced after a citizen’s duplicate SIM was illegally issued, enabling cybercriminals to withdraw Rs. 8.5 million from his bank account.
According to details, a citizen named Sunny Kumar lodged a complaint with the NCCIA, which was registered under inquiry number 2098/25. Kumar stated that on September 29, 2025, between 7 and 8 p.m., while he was in Karachi, his SIM card suddenly stopped working.
The next day, when he visited his mobile company’s business center in Karachi, he was informed that a duplicate SIM had been fraudulently issued in Hyderabad, without his biometric verification. The SIM was also linked to his bank account.
Upon checking his account, Kumar discovered that over 100 unauthorized transactions had been made overnight, transferring Rs. 8.5 million to multiple accounts. NCCIA officials said the complainant also provided evidence supporting his claim. Subsequently, both the private bank and the cellular company were asked to share relevant records, but neither provided the required information in full.
READ MORE: Lawmakers Slam Poor Mobile Signals Across Pakistan
The agency summoned the concerned bank branch manager, but instead, a relationship manager appeared and submitted only partial records, including the victim’s bank statement. The NCCIA directed the bank to produce the complete documentation, but it failed to comply.
Similarly, the cellular company’s head of compliance was repeatedly asked to furnish records but provided vague and unsatisfactory responses. Later, the company’s Manager of Franchise Services and Governance, along with the Senior Executive of GR and Regulatory Affairs, appeared before the agency and submitted incomplete documentation.
They were asked 48 questions regarding SIM issuance procedures, security protocols, accountability mechanisms, device location tagging, and BVS (Biometric Verification System) SOPs but refused to answer, requesting more time to submit written responses.
According to NCCIA officials, the transaction patterns indicate a well-coordinated cyber-financial fraud involving unauthorized access to the complainant’s digital banking system following a fraudulent SIM swap. The agency noted that the cellular company’s criminal negligence in reissuing the SIM directly facilitated the breach, while the bank failed to act diligently. Despite biometric logins, OTP verification, and anti-fraud monitoring systems, the bank allowed several high-value transactions within hours without proper verification or red flag checks.
Officials confirmed that the illegally reissued SIM was used to gain unauthorized access to the victim’s digital banking account, resulting in the large-scale financial loss.
Via Jang
