Evaluating the Effectiveness of Pakistan’s Cyber Law in Mitigating  Emerging Cybercrimes in FinTech and Blockchain

Abstract

The rise of FinTech (Financial Technology) and Blockchain has significantly transformed  Pakistan’s financial ecosystem, providing access to digital payments, mobile wallets,  cryptocurrencies, and decentralized finance platforms. However, these technological  advancements have also led to an increase in cybercrimes, specifically targeting users and  businesses operating within these sectors. In response, Pakistan implemented the Prevention of  Electronic Crimes Act (PECA) in 2016, aiming to regulate cybercrimes and safeguard digital  activities. Although PECA addresses various traditional cybercrimes, its provisions are insufficient  to combat new-age threats posed by FinTech and Blockchain technologies. This article explores  Pakistan’s current cyber law framework and evaluates its effectiveness in countering emerging  cybercrimes within the FinTech and Blockchain domains. It examines prevalent cybercrimes,  including identity theft, phishing, money laundering, cryptocurrency theft, ICO scams, and  vulnerabilities in smart contracts. Furthermore, the article identifies significant legal gaps in the  existing framework and provides recommendations to strengthen Pakistan’s legal response. The  article advocates for an update to PECA to address these emerging threats and enhance cooperation  between national and international authorities to better safeguard digital financial activities.

INTRODUCTION

In the digital age, FinTech and Blockchain technologies have radically transformed global  financial systems, including Pakistan’s. As digital banking, mobile payment systems, and  decentralized finance platforms gain traction, they provide novel opportunities for financial  inclusion and innovation. However, they also expose users and financial institutions to new risks.  The lack of a robust cybersecurity framework to protect users and businesses against evolving  cyber threats poses a significant challenge to the security and sustainability of these technologies  (Dyson, Buchanan and Bell, 2019).

In response to growing concerns over cybercrimes, Pakistan introduced the Prevention of  Electronic Crimes Act (PECA) in 2016. This legal framework aimed to address the increasing  number of cyber offenses, including hacking, cyber fraud, and identity theft (Government of  Pakistan, 2016). However, while PECA provides a foundational structure for regulating traditional  cybercrimes, it falls short of addressing the complexities introduced by emerging technologies  such as FinTech and Blockchain (Moin, 2023).

The rise of digital currencies, smart contracts, mobile wallets, and online lending platforms has  given rise to unique types of cybercrimes, including cryptocurrency theft, ICO frauds, phishing  attacks, and money laundering. These crimes often exploit the decentralized nature of Blockchain  and the lack of clear regulatory oversight in FinTech (Chen, 2020; Zohar, 2021).

This article critically examines the cyber law code of Pakistan, with a specific focus on PECA,  and evaluates its effectiveness in regulating cybercrimes related to FinTech and Blockchain. The  article will explore the key provisions of PECA, identify its limitations, and propose legal reforms  to address these challenges. Furthermore, the article will provide practical recommendations for  enhancing Pakistan’s legal and regulatory framework to effectively combat the growing threat of  cybercrimes within FinTech and Blockchain ecosystems (Rana, Zulfiqar and Masud, 2024).

OVERVIEW OF PAKISTAN’S CYBER LAW

The Prevention of Electronic Crimes Act (PECA), 2016

The Prevention of Electronic Crimes Act (PECA), 2016, is Pakistan’s principal law governing  cybercrimes. The Act is designed to address the increasing number of cyber-related offenses that  have emerged with the rise of the internet, digital communication, and online financial activities.  PECA criminalizes a wide range of activities, including hacking, unauthorized access to computer  systems, cyber terrorism, online harassment, and the spreading of malicious content. Some of its  key provisions are as follows:

• Section 3: Unauthorized Access to Information Systems

This provision criminalizes any unauthorized access to an information system or network.  It encompasses hacking and the illegal retrieval of data from online platforms.

• Section 7: Cyber Fraud

This section specifically targets cyber fraud, which includes the use of online platforms or  digital tools to engage in fraudulent activities, such as identity theft, online scams, and  fraud through electronic means.

• Section 10: Cyber Harassment

Cyber harassment, such as defamation and online stalking, is criminalized under this  section. It aims to protect individuals from online abuse, particularly in the age of social  media.

• Section 25: Data Breaches

This provision addresses the unauthorized disclosure of personal or sensitive data, making  it illegal for any person or entity to gain or disclose information without consent.

While PECA represents a significant step toward regulating online offenses, its application has  limitations when it comes to newer technological advancements such as FinTech and Blockchain.  For instance, PECA fails to comprehensively address cybercrimes involving cryptocurrencies or  decentralized applications, which are at the forefront of FinTech and Blockchain developments.

Limitations of PECA in Addressing Emerging Cybercrimes

Although PECA covers traditional forms of cybercrime, it does not account for the new kinds of  threats that emerge from decentralized financial technologies and blockchain applications. Some  of the gaps in PECA include:

• Cryptocurrency Crimes

PECA lacks provisions specific to cryptocurrency theft, fraud in Initial Coin Offerings  (ICOs), and laundering of funds through digital assets. The law does not provide clear  mechanisms for regulating or prosecuting crimes involving digital currencies (Chen, 2020).

• Smart Contract Exploits

The smart contract system, an integral part of blockchain technology, remains largely  unaddressed under PECA. Smart contracts, if poorly written or maliciously designed, can  be exploited for fraud or financial manipulation (Zohar, 2021).

• Decentralized Systems

Blockchain operates on a decentralized ledger system, making it difficult to pinpoint  jurisdictions for prosecution. PECA lacks provisions for handling crimes that involve  cross-border transactions and anonymous actors in decentralized environments (Dyson et  al., 2019).

COMPARITIVE LEGAL FRAMEWORK

The rapid evolution of FinTech and Blockchain technologies has necessitated adaptive legal  frameworks globally. This section compares Pakistan’s cybercrime legislation with those of the  European Union (EU) and the United States (US), highlighting key differences and areas for  potential improvement.

European Union

The EU’s regulatory approach is characterized by comprehensive legislation aimed at harmonizing  cybercrime laws across member states. The General Data Protection Regulation (GDPR) and  the Markets in Crypto-Assets Regulation (MiCA) are central to this framework.

• GDPR

Establishes stringent data protection standards, including the right to be forgotten, which  poses challenges for Blockchain’s immutable nature (Belen-Saglam et al., 2022).

• MiCA

Provides a unified regulatory framework for crypto-assets, enhancing legal certainty and  investor protection across the EU (European Commission, 2022).

United States

The US employs a fragmented regulatory approach, with multiple agencies overseeing different  aspects of cybercrime and financial technologies.

• Securities and Exchange Commission (SEC)

Regulates securities, including certain cryptocurrencies deemed as securities. • Commodity Futures Trading Commission (CFTC)

Oversees derivatives markets, including crypto futures.

• Financial Crimes Enforcement Network (FinCEN)

Enforces anti-money laundering (AML) regulations applicable to digital currencies.

This decentralized approach allows for specialized oversight but can lead to regulatory  inconsistencies and complexities for businesses and consumers.

Pakistan

Pakistan’s legal framework, primarily governed by PECA 2016, has been criticized for its reactive  nature and lack of specific provisions addressing emerging technologies like Blockchain and  FinTech (Rana et al., 2024). Recent amendments, such as the introduction of Section 26-A  criminalizing the intentional dissemination of false information, have further complicated the legal  landscape (Rana et al., 2024).

CYBERCRIMES IN FINTECH

The FinTech industry in Pakistan has seen explosive growth, with digital banking, mobile  payments, and cryptocurrency exchanges becoming increasingly popular. However, this expansion  has also led to a rise in cybercrimes targeting the FinTech ecosystem. These crimes are often  perpetrated by cybercriminals who exploit weaknesses in digital platforms to commit fraud, steal  personal information, and launder money. Some common cybercrimes in the FinTech sector  include:

1. Mobile Wallet Scams

Mobile wallets have become a primary method for conducting digital payments. However, these  platforms are often targeted by scammers who exploit vulnerabilities in mobile payment systems.  Scammers often create fake mobile wallet applications that resemble legitimate ones, tricking users  into downloading them. Once downloaded, these fraudulent apps can steal users’ personal and  financial information. The Federal Investigation Agency (FIA) has reported an increasing number  of mobile wallet fraud cases, underscoring the need for stronger regulatory frameworks to protect  users.

2. Phishing and Identity Theft

Phishing attacks are another prevalent cybercrime in FinTech. Cybercriminals impersonate  legitimate financial institutions, sending fake emails or text messages to deceive users into  disclosing their banking details. This can lead to identity theft, where criminals use stolen  information to access victims’ bank accounts or commit fraudulent activities.

3. Money Laundering

The anonymity of digital transactions makes FinTech platforms attractive to criminals seeking to  launder money. Digital currencies and mobile payments facilitate the transfer of illicit funds across  borders with relative ease, making it difficult for law enforcement agencies to track suspicious  activity. Money laundering schemes often involve layering transactions through multiple  platforms, further complicating efforts to trace the origin of the funds.

4. Fraudulent Investments

FinTech platforms often offer users the opportunity to invest in digital assets, loans, and stock  market ventures. Unfortunately, these opportunities have been exploited by fraudsters who present  fake investment schemes and promise high returns, only to vanish once they have collected funds  from unsuspecting investors. PECA addresses online fraud, but its focus is broader and does not  specifically cater to the nuanced risks of digital asset investments and crypto frauds.

CYBERCRIMES IN BLOCKCHAIN

The Blockchain technology, which powers digital currencies like Bitcoin and Ethereum, has  introduced a range of new possibilities in the financial sector. However, the technology has also  created new opportunities for cybercriminals. The decentralized and pseudonymous nature of  Blockchain makes it a prime target for illegal activities. Some of the key cybercrimes associated  with Blockchain include:

1. Cryptocurrency Theft

One of the most significant threats to the Blockchain and cryptocurrency ecosystem is theft.  Cryptocurrency exchanges, digital wallets, and individual user accounts are frequently targeted by  hackers seeking to steal digital assets. Since transactions on the Blockchain are irreversible, stolen  funds are nearly impossible to recover.

2. ICO Scams

An Initial Coin Offering (ICO) is a method of fundraising for blockchain-based projects, where  investors purchase tokens that represent stakes in a new cryptocurrency or blockchain project.  However, many ICOs have been fraudulent, with organizers disappearing with the funds raised.  These scams are difficult to prosecute due to the anonymous nature of cryptocurrency transactions.

3. Smart Contract Vulnerabilities

Smart contracts, which are self-executing contracts coded directly into the Blockchain, have also  become a target for cybercriminals. Vulnerabilities in contract code can be exploited to alter the  terms of the contract or siphon off funds. This type of attack has been particularly prominent in  Decentralized Finance (DeFi) applications.

LEGAL CHALLENGES & RECOMMENDATIONS

While PECA offers a foundational approach to regulating cybercrimes, it faces several challenges  when addressing the unique aspects of FinTech and Blockchain technologies.

Challenges:  

1. Jurisdictional Issues

The global and decentralized nature of Blockchain and FinTech transactions often means  that cybercrimes transcend borders. Law enforcement agencies in Pakistan face difficulties  in pursuing criminals who operate from jurisdictions with weaker regulations or non cooperation with Pakistani authorities.

2. Lack of Technical Expertise

Pakistani authorities often lack the technical expertise required to understand and  investigate FinTech and Blockchain crimes. Specialized training and technical capabilities  are needed to detect, investigate, and prosecute these sophisticated offenses.

3. Regulatory Gaps

PECA does not comprehensively cover FinTech or Blockchain technologies. New  provisions are needed to address emerging threats such as cryptocurrency fraud, smart  contract exploits, and ICO scams.

Recommendations:

1. Amend PECA

Amend PECA to specifically address FinTech and Blockchain crimes, including  cryptocurrency theft, money laundering, and smart contract vulnerabilities.

2. Establish Cybercrime Units

Create specialized cybercrime units within law enforcement agencies with a focus on  FinTech and Blockchain technologies.

3. International Cooperation

Strengthen international cooperation to address cross-border cybercrimes and enable the  sharing of intelligence and best practices between national authorities.

4. Public-Private Partnerships

Foster public-private partnerships to develop cybersecurity standards and best practices  for the FinTech and Blockchain industries.

ROLE OF REGULATORY AUTHORITIES

Effective regulation of FinTech and Blockchain requires coordinated efforts among various  governmental bodies. In Pakistan, several institutions play pivotal roles:

• State Bank of Pakistan (SBP)

Regulates digital banking and payment systems, including mobile wallets and digital  currencies.

• Securities and Exchange Commission of Pakistan (SECP)

Oversees capital markets and corporate governance, with a growing interest in  regulating crypto-assets.

Federal Investigation Agency (FIA)

Initially handled cybercrime investigations; however, its Cybercrime Wing was  replaced by the National Cyber Crimes Investigation Agency (NCCIA) in 2024 to  enhance focus and efficiency (Moin, 2023).

1. Pakistan Crypto Council (PCC)

Established in 2025, the PCC aims to develop regulations and promote blockchain  technology and digital assets within Pakistan (Waqas, 2025).

Despite these efforts, challenges persist, including jurisdictional issues, lack of technical expertise,  and overlapping mandates among regulatory bodies.

POLICY RECOMMENDATIONS

Legislative

• Amend PECA

Update PECA to include specific provisions addressing cybercrimes related to FinTech  and Blockchain, such as cryptocurrency theft, smart contract vulnerabilities, and  decentralized finance frauds (Chen, 2020).

• Enact a Comprehensive Data Protection Law

Introduce legislation that aligns with international standards, ensuring robust data  privacy and protection mechanisms (Moin, 2023).

Institutional

Establish Specialized Cybercrime Units

Create dedicated units within law enforcement agencies with expertise in FinTech and  Blockchain technologies to enhance investigative capabilities (Zohar, 2021).

• Enhance Inter-Agency Coordination

Foster collaboration among SBP, SECP, FIA, and other relevant bodies to streamline  regulatory efforts and avoid jurisdictional conflicts (Rana et al., 2024).

Technological

• Implement Blockchain-Based AML Tools

Develop and deploy blockchain analytics tools to detect and prevent money laundering  activities in real-time (Dyson et al., 2019).

• Promote Cybersecurity Standards

Establish national cybersecurity standards for FinTech and Blockchain platforms to  mitigate risks associated with cyber threats (Legal500, 2025).

Public Education

Launch Awareness Campaigns

Educate the public on the risks associated with FinTech and Blockchain technologies  and promote best practices for digital security (Zohar, 2021).

Integrate Cybersecurity into Education Curricula

Incorporate cybersecurity education into school and university curricula to build a  knowledgeable workforce capable of addressing emerging cyber threats (Belen-Saglam  et al., 2022).

FUTURE CHALLENGES

Artificial Intelligence and Quantum Computing

The integration of Artificial Intelligence (AI) and Quantum Computing into FinTech and  Blockchain systems presents new challenges:

• AI

While AI can enhance fraud detection and customer service, it also introduces risks  related to algorithmic biases and decision-making transparency (Dyson et al., 2019).

• Quantum Computing

The advent of quantum computing could potentially undermine current cryptographic  standards, posing threats to data security and privacy (Dyson et al., 2019).

Regulatory Adaptation

To address these emerging risks, Pakistan’s legal and regulatory frameworks must evolve:

Develop Forward-Looking Legislation

Craft laws that anticipate technological advancements and incorporate flexibility to  adapt to future developments (Moin, 2023).

• International Collaboration

Engage in international dialogues to harmonize regulations and share best practices,  ensuring a cohesive approach to global cyber threats (Legal500, 2025).

CONCLUSION

Pakistan’s cyber law code, particularly PECA, provides a solid foundation for addressing  traditional cybercrimes. However, with the rapid adoption of FinTech and Blockchain  technologies, the law must evolve to address the emerging risks associated with these  advancements. By updating PECA, developing specialized law enforcement units, and enhancing  international collaboration, Pakistan can better protect its digital economy from cybercrimes.  Comprehensive legal reforms are essential to ensuring that Pakistan’s digital financial ecosystem  remains secure, resilient, and trustworthy.

REFERENCE(S):

1. Belen-Saglam R, Altuncu E, Lu Y, and Li S, ‘A Systematic Literature Review of the Tension Between the GDPR and Public Blockchain Systems’ (2022) arXiv https://arxiv.org/abs/2210.04541.
2. Chen D, ‘Blockchain Technology: A Comprehensive Guide for Law Enforcement’ (2020) Cybersecurity Journal 15(3) 28-35.
3. Dyson S, Buchanan WJ, and Bell L, ‘The Challenges of Investigating Cryptocurrencies and Blockchain-Related Crime’ (2019) arXiv https://arxiv.org/abs/1907.12221. 4. European Commission, ‘Markets in Crypto-Assets Regulation (MiCA)’ (2022) https://ec.europa.eu/info/business-economy-euro/banking-and-finance/financial markets/financial-services-consumer-protection/crypto-assets_en.
4. European Commission, ‘General Data Protection Regulation (GDPR)’ https://commission.europa.eu/law/law-topic/data-protection_en.
5. Federal Investigation Agency (FIA), ‘Annual Cybercrime Report 2023’ (2023) https://www.thenews.com.pk/print/1212750-fia-recovered-rs16bn-from-convicts-in-2023. 7. General Data Protection Regulation (GDPR) – Legal Text https://gdpr-info.eu/. 8. Government of Pakistan, ‘Prevention of Electronic Crimes Act, 2016 (PECA)’ (2016) https://nr3c.gov.pk/law.html.
6. Legal500, ‘Comparing PECA 2016 and the Personal Data Protection Bill 2023: A Critical Analysis of Cybercrime and Data Privacy Laws in Pakistan’ (2025) https://www.legal500.com/developments/thought-leadership/comparing-peca-2016-and the-personal-data-protection-bill-2023-a-critical-analysis-of-cybercrime-and-data privacy-laws-in-pakistan/.
7. Moin I, ‘Pakistan’s Evolving Legal Framework for FinTech and Blockchain’ (2023) Pakistan Journal of Law and Cybersecurity 5(1) 77-92.
8. Rana AA, Zulfiqar F, and Masud S, ‘The Legal and Regulatory Framework for Cryptocurrency and FinTech in Pakistan: Challenges and Policy Recommendations’ (2024) UCP Journal of Law & Legal Education  https://ojs.ucp.edu.pk/index.php/ucpjlle/article/download/123/88/1546.
9. U.S. Government, ‘Cybersecurity Information Sharing Act of 2015’ (2015) https://www.cisa.gov/resources-tools/resources/cybersecurity-information-sharing-act 2015.
10. Waqas M, ‘Regulatory Challenges and Solutions for Blockchain and FinTech in Pakistan’ (2025) FinTech Law Review 8(2) 34-45.
11. Zohar J, ‘Smart Contract Vulnerabilities and Cybercrime Risks in Decentralized Finance’ (2021) Blockchain Security Journal 6(4) 18-29.