KARACHI (Kashmir English): The case involving the fraudulent withdrawal of Rs 8.5 million from a citizen’s bank account through a duplicate SIM card in Karachi has taken a new turn, with startling revelations emerging from the National Cyber Crime Investigation Agency (NCCIA) report submitted to the court.
According to the report, the incident has raised serious questions about the OTP verification system and anti-fraud mechanisms of a private bank. Investigators revealed that the duplicate SIM was issued without biometric verification, enabling over 100 online transactions amounting to Rs 8.5 million.
The victim, Sunny Kumar, was at Dolmen Mall Karachi on September 29, when his SIM suddenly became inactive. Upon visiting the telecom franchise, he discovered that a duplicate SIM had been issued from Hyderabad, which was linked to his bank account.
The NCCIA report states that the withdrawn amount was transferred to multiple accounts. Both the private bank and the telecom company have so far failed to provide complete evidence or detailed records requested by investigators, including login data, IMEI numbers, and IP addresses.
Investigators also sought details of digital banking protocols, biometric verification devices, and the franchise owner who issued the SIM. However, both institutions provided incomplete or insufficient information despite being sent 48 detailed queries.
The report concluded that the incident reflects serious lapses in digital security, pointing to systemic weaknesses in both the banking and telecom sectors that enabled the cyber financial fraud to occur.
