SBP Enhances Digital Banking Security with TPIN/FPIN Implementation
In a major move to strengthen the security of Pakistan’s digital banking ecosystem, the State Bank of Pakistan (SBP) has issued new directives aimed at replacing the current SMS-based One-Time Passwords (OTPs) with a more secure method. This change will see the introduction of Transaction PINs (TPIN) or Financial PINs (FPIN) for financial transactions carried out through banking apps or internet portals. By 2025, Pakistan’s mobile banking system will fully adopt TPINs/FPINs.
Digital Banking Gets Smarter: SBP Mandates TPIN for Safer Transactions
Starting from January 1, 2025, SMS-based OTPs will no longer be used for mobile or internet banking transactions. Instead, customers will be required to verify transactions using TPINs or FPINs. This initiative is designed to mitigate the risks of interception and fraud commonly associated with SMS-based OTPs. Additionally, to enhance communication, banks will replace SMS transactional alerts with free push notifications, in-app alerts, and email notifications.
Increased Customer Trust and Accountability
To further build customer confidence, SBP has mandated that banks be held liable for compensating customers in the event of fraud or unauthorized transactions conducted via their mobile banking platforms. Banks will be required to maintain comprehensive logs of all transaction notifications to assist in resolving disputes. SBP has also introduced standardized templates for transaction notifications, ensuring clear and consistent communication across all banks and microfinance banks (MFBs).
Addressing Vulnerabilities in SMS OTPs
The transition to TPIN/FPIN-based authentication addresses significant vulnerabilities in the SMS-based OTP system. OTPs have been prone to interception through methods such as SIM swaps and phishing attacks. By adopting these new security measures, SBP aims to strengthen the overall security of digital payment systems and align Pakistan’s digital banking practices with global security standards.
Long-Term Benefits of the New Security Measures
While transitioning to TPIN/FPIN-based authentication may require some initial adjustments, the long-term benefits are clear. These changes will reduce the risk of fraud, enhance the security of financial transactions, and improve the accountability of financial institutions in digital banking. Through these advancements, SBP is ensuring a safer and more secure digital banking environment for Pakistan’s consumers.
