KARACHI – A major financial fraud has come to light, where a duplicate SIM card was illegally obtained and used to access a citizen’s bank account, resulting in the theft of Rs8.5 million.
The victim, Suni Kumar, filed a complaint with the National Cyber Crime Investigation Agency (NCCIA). Kumar explained that on September 29, 2025, between 7 to 8 PM, his mobile SIM card suddenly stopped working while he was in Karachi.
The next day, he visited the mobile company’s business center in Karachi, where he was informed that a duplicate SIM had been issued in his name in Hyderabad, without his biometric verification. This SIM card was linked to his bank account.
Upon checking his bank account, the citizen discovered that a total of 100 transactions had been made overnight, transferring Rs8.5 million to multiple accounts. The funds were withdrawn illegally through fraudulent means.
NCCIA officials stated that the victim provided supporting evidence, prompting requests for records from both the private bank and the cellular company involved. However, both entities failed to provide the necessary information.
The bank’s branch manager was summoned along with the required records, but instead, a relationship manager appeared, offering only partial records and the victim’s bank statements. Despite instructions to submit the full documentation, the bank has not yet complied with the request.
Similarly, the mobile company’s compliance head was contacted, but after multiple reminders, the company provided an unclear and unsatisfactory response.
Eventually, the company’s manager of Franchise Services & Governance and a senior executive of GR & Regulatory Affairs presented partial records. When asked about the SIM issuing process, security measures, accountability, device location tagging, and BVSS SOPs, they declined to answer and requested more time to submit a written response with the remaining documents.
Authorities indicated that the pattern of the transactions pointed to a planned cyber-financial fraud, involving SIM swap activities and unauthorized access to the victim’s digital banking system. Criminal negligence in issuing the duplicate SIM facilitated direct fraud on the victim’s bank account.
Furthermore, the bank failed to act with due diligence and allowed multiple high-value transactions without proper verification, even though there were red flag alerts and security mechanisms like biometric login, OTP verification, and anti-fraud systems in place.
Officials stated that despite these safeguards, the bank allowed unauthorized access to the victim’s account, facilitating the fraud.
About the Author
