Mobile Banking Consent Form (Pakistan)
MOBILE BANKING CONSENT FORM
Under the Electronic Transactions Ordinance 2002 | Payment Systems and Electronic Fund Transfers Act 2007 | SBP Branchless Banking Regulations | Personal Data Protection Act 2023
Bank: [Bank Name]
Branch: [Branch Name], [Branch City]
Date: [Consent Date]
1. ACCOUNT HOLDER IDENTITY
Full Name: [Account Holder Name]
CNIC Number: [Account Holder CNIC]
Date of Birth: [Account Holder DOB]
Address: [Account Holder Address]
Email: [Account Holder Email]
2. BANK ACCOUNT DETAILS
Bank: [Bank Name]
IBAN: [Account IBAN]
Account Type: [Account Type]
3. MOBILE DEVICE AND SIM DETAILS
Registered Mobile Number: [Mobile Number]
Mobile Network Operator: [Mobile Network]
SIM Biometrically Verified (PTA): [Sim Biometric Verified]
The account holder confirms that the above mobile SIM is registered in their name via NADRA biometric verification with the Pakistan Telecommunication Authority (PTA). Two-factor authentication using this registered SIM is mandatory under the SBP Digital Financial Services Policy 2020.
4. AUTHORISED SERVICES AND TRANSACTION LIMITS
Services Activated: [Services Authorised]
Daily Fund Transfer Limit: [Daily Transfer Limit]
RAAST ID Enrollment Consent: [Raast Enrolment]
The account holder understands that RAAST enrollment links their CNIC or mobile number to the SBP national RAAST directory, enabling incoming transfers from any RAAST participant using those identifiers.
5. DATA PRIVACY CONSENT (PDPA 2023)
The account holder consents to the following data processing activities: [Data Processing Consent]
The account holder acknowledges their rights under the Personal Data Protection Act 2023 (PDPA 2023) to: access their personal data; request correction of inaccurate data; withdraw consent for non-mandatory processing; and file a complaint with the National Commission for Personal Data Protection (NCPDP) if their data rights are violated.
6. SECURITY ACKNOWLEDGEMENT
Security Responsibility: [Security Acknowledgement]
The bank is authorised to suspend mobile banking access at any time for security breaches or suspected fraud under the Prevention of Electronic Crimes Act 2016 (PECA 2016) — enforced by the Federal Investigation Agency (FIA) Cybercrime Wing.
In the event of suspected unauthorised access: contact the bank immediately to freeze the account; file a complaint with the FIA Cybercrime Wing at www.fia.gov.pk; and contact the SBP Banking Conduct and Consumer Protection Department (BCCP) at [email protected].
7. TERMINATION OF MOBILE BANKING ACCESS
The account holder may deactivate mobile banking services at any time by: visiting the branch in person; calling the bank's 24-hour customer care number; or sending a written deactivation request to the branch. The bank will process the deactivation and confirm in writing within 24 hours.
EXECUTION
I, [Account Holder Name] (CNIC: [Account Holder CNIC]), hereby give my informed consent to [Bank Name] to activate the mobile banking services listed above on my account (IBAN: [Account IBAN]), to process my personal data as described above under the Personal Data Protection Act 2023, and to send transaction alerts to my registered mobile number [Mobile Number].
This consent is given under the Electronic Transactions Ordinance 2002 — my signature below (physical or electronic) constitutes a legally binding authorisation under Section 5 of the Electronic Transactions Ordinance 2002 and the Contract Act 1872.
Signed at [Branch Name], [Branch City] on [Consent Date].
Bank Officer: [Bank Officer Name]
Bank Stamp: _________________________
Account Holder
________________
Signature
Bank Officer (Authorised Representative)
________________
Signature
What Is a Mobile Banking Consent Form (Pakistan)?
A Mobile Banking Consent Form in Pakistan evidences that consent has been freely given, identifying exactly what has been agreed to and by whom.
The Electronic Transactions Ordinance 2002 is the foundational statute for digital transactions in Pakistan. Section 5 of the Electronic Transactions Ordinance 2002 grants legal recognition to electronic documents and digital signatures, providing that information shall not be denied legal effect solely because it is in electronic form. Section 9 governs electronic contracts, confirming that offer and acceptance communicated electronically are valid contracts under the Contract Act 1872. The consent given through a Mobile Banking Consent Form — whether in paper or electronic form — is legally binding under these provisions.
The State Bank of Pakistan's Branchless Banking Regulations (most recently revised in 2023) govern the provision of mobile financial services (MFS) through branchless banking agents and mobile applications. Major banks offering mobile banking in Pakistan include Meezan Bank's Meezan Mobile App, HBL Mobile, UBL Omni, Standard Chartered Mobile Banking, and Habib Metro Bank. Digital wallet and branchless banking services such as Easypaisa (Telenor Microfinance Bank), JazzCash (Mobilink Microfinance Bank), and NayaPay (NayaPay EMI, regulated by SBP as an Electronic Money Institution under the EMI Regulations 2019) each require consent from users.
The Payment Systems and Electronic Fund Transfers Act 2007 (PSEFT Act) governs the operation of payment systems including mobile money transfers, fund transfers through RAAST (Pakistan's instant payment system operated by the SBP), and IBFT (Interbank Fund Transfers) processed through the National Institutional Facilitation Technologies (NIFT). The PSEFT Act 2007 requires all payment service providers to obtain informed consent from users before processing electronic fund transfers.
Data privacy considerations are governed by the Personal Data Protection Act 2023 (PDPA 2023), which introduced formal data protection requirements in Pakistan for the first time. Banks processing personal financial data through mobile banking platforms must comply with the PDPA 2023's requirements for consent, data minimisation, purpose limitation, and breach notification. The Prevention of Electronic Crimes Act 2016 (PECA 2016) — enforced by the Federal Investigation Agency (FIA) Cybercrime Wing — criminalises unauthorised access to electronic banking systems and identity theft, making strong consent and authentication documentation critical for both banks and customers.
Two-factor authentication (2FA) using the customer's registered mobile SIM, issued under Pakistan Telecommunication Authority (PTA) regulations, is mandatory for mobile banking logins under the SBP's Digital Financial Services Policy 2020. The Mobile Banking Consent Form must record the mobile number and the CNIC linked to the SIM through the PTA's biometric SIM verification process, confirming that only the registered account holder can activate mobile banking.
When Do You Need a Mobile Banking Consent Form (Pakistan)?
A Mobile Banking Consent Form in Pakistan is required whenever a bank account holder wishes to activate or expand their access to electronic banking services through a mobile device, and whenever the bank needs documented authorisation before processing mobile transactions on the customer's account.
A Mobile Banking Consent Form is needed when a new or existing account holder at any scheduled bank regulated by the State Bank of Pakistan applies at a branch or through an online portal to activate the bank's mobile application. The form records the customer's informed consent to the bank's mobile banking terms, the specific services authorised (balance enquiry, fund transfer, bill payment, cheque request, and so on), and any transaction limits applicable.
A Mobile Banking Consent Form is required when a corporate entity authorises a specific employee — such as the accounts manager or CFO — to access the company's corporate internet banking or mobile banking portal. Corporate mobile banking consents must identify the authorised user's name, CNIC, designation, and the scope of authority (view-only, initiation-only, or full transaction authority).
A Mobile Banking Consent Form is needed when a customer registers for a branchless banking service through an agent network — such as Easypaisa agents (operated by Telenor Microfinance Bank under SBP Branchless Banking Regulations) or JazzCash agents (operated by Mobilink Microfinance Bank). The agent records the customer's biometric consent using a fingerprint scanner linked to NADRA's biometric verification system, and the consent form documents the services activated.
A Mobile Banking Consent Form is required when a bank sends push notifications, marketing messages, or conducts automated KYC updates through the mobile banking application — the customer's explicit consent for data processing under the Personal Data Protection Act 2023 (PDPA 2023) must be documented before these activities commence.
A Mobile Banking Consent Form is needed when a customer reports unauthorised mobile banking transactions to the bank and the SBP Banking Conduct and Consumer Protection Department (BCCP) — the original consent form documents what the customer authorised, enabling the bank to distinguish between authorised and fraudulent transactions under the Payment Systems and Electronic Fund Transfers Act 2007.
What to Include in Your Mobile Banking Consent Form (Pakistan)
A valid Mobile Banking Consent Form in Pakistan under the Electronic Transactions Ordinance 2002 and SBP Branchless Banking Regulations must include the following essential elements to create a legally binding authorization and satisfy regulatory documentation requirements.
Account Holder Identity: Full legal name, NADRA CNIC number (13-digit), date of birth, and address of the account holder exactly as registered with the bank. The CNIC must match the biometric SIM registration with the Pakistan Telecommunication Authority (PTA) for two-factor authentication purposes.
Bank Account Details: Name and branch of the bank, bank account number (IBAN format: PK followed by 22 alphanumeric characters under the SBP IBAN standardisation), and account type (current, savings, or PLS savings account under the SBP's Profit and Loss Sharing framework).
Mobile Device and Number: The mobile phone number linked to the account for OTP (One-Time Password) delivery, the mobile device type and IMEI number (if required by the bank), and confirmation that the SIM is registered in the account holder's name under PTA biometric verification. The SBP's Digital Financial Services Policy 2020 mandates that mobile banking be activated only on SIMs biometrically verified to the CNIC of the account holder.
Scope of Authorised Services: An explicit list of services the account holder consents to activate — balance enquiry, fund transfer via RAAST or IBFT, bill payment through 1-Link, cheque book request, ATM card management, loan application, investment in government securities (Pakistan Investment Bonds, Treasury Bills), or foreign remittance receipt through Roshan Digital Accounts regulated by the SBP.
Transaction Limits: Daily transaction limits for various categories (single transfer, total daily outflow, international transfers), which the SBP's Consumer Protection Regulations require to be disclosed in writing before activation. Any variation from the bank's standard limits must be specifically consented to.
Data Privacy Consent: Under the Personal Data Protection Act 2023 (PDPA 2023), the form must contain specific consent for the bank to process the customer's personal financial data for mobile banking operations, to share data with authorised third parties (payment switches such as 1-Link and NIFT, credit bureaus such as eCIB, and SBP reporting systems), and to retain transaction data for the period prescribed by the SBP Anti-Money Laundering Act 2010 regulations (minimum five years).
Security Acknowledgement: The account holder's acknowledgement of their responsibility to safeguard their mobile banking PIN, password, and OTPs, and that the bank is not liable for transactions authenticated by valid OTPs — consistent with the SBP's Guidelines on IT Security. This acknowledgement is important in disputes under the Payment Systems and Electronic Fund Transfers Act 2007.
Termination Rights: The account holder's right to deactivate mobile banking services at any time by visiting the branch or calling the bank's customer care number, and the bank's right to suspend services for security breaches or suspected fraud under the Prevention of Electronic Crimes Act 2016 (PECA 2016).
Signature and Date: Physical or electronic signature of the account holder and the bank officer processing the request, with date and branch stamp. Under the Electronic Transactions Ordinance 2002, electronic signatures are legally valid.
Forms-legal.com provides this Mobile Banking Consent Form (Pakistan) template as a practical resource for bank customers and institutions. The template reflects the Electronic Transactions Ordinance 2002, Payment Systems and Electronic Fund Transfers Act 2007, SBP Branchless Banking Regulations, and Personal Data Protection Act 2023. Customers with disputes about unauthorised mobile transactions should contact the SBP's Banking Conduct and Consumer Protection Department (BCCP) at [email protected].
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Mobile Banking Consent Form (Pakistan) (Pakistan) [Legal document template]. Forms Legal. https://forms-legal.com/pakistan/financial/forms/mobile-banking-consent-form-pakistan
"Mobile Banking Consent Form (Pakistan) (Pakistan)." Forms Legal, 2026, https://forms-legal.com/pakistan/financial/forms/mobile-banking-consent-form-pakistan.
@misc{formslegal-mobile-banking-consent-form-pakistan,
author = {{Forms Legal}},
title = {Mobile Banking Consent Form (Pakistan) (Pakistan)},
year = {2026},
howpublished = {\url{https://forms-legal.com/pakistan/financial/forms/mobile-banking-consent-form-pakistan}},
note = {Free legal document template}
}Frequently Asked Questions
Yes. A Mobile Banking Consent Form signed by a bank account holder is legally binding in Pakistan under the Electronic Transactions Ordinance 2002 and the Contract Act 1872. Section 5 of the Electronic Transactions Ordinance 2002 grants full legal recognition to electronic documents, and Section 9 confirms that contracts formed through electronic communications are enforceable. Whether the consent is given in paper form at a bank branch or through an in-app digital acceptance on the bank's mobile application, it constitutes a valid agreement between the customer and the bank. Courts in Lahore, Karachi, and Islamabad have upheld bank mobile banking agreements in recovery and fraud disputes. The Payment Systems and Electronic Fund Transfers Act 2007 further reinforces the legal framework for electronic authorisations in payment transactions.
The State Bank of Pakistan regulates mobile banking through several overlapping frameworks. The SBP's Branchless Banking Regulations govern agent-based mobile financial services through providers such as Easypaisa and JazzCash. The SBP's Internet Banking Policy and Guidelines on IT Security apply to bank-owned mobile banking applications. The Payment Systems and Electronic Fund Transfers Act 2007 governs fund transfers processed through mobile banking. The SBP's Digital Financial Services Policy 2020 sets out requirements for two-factor authentication using PTA-registered SIMs, transaction monitoring, fraud detection, and consumer protection. The Electronic Money Institutions (EMI) Regulations 2019 govern digital wallet providers such as NayaPay and SadaPay. All mobile banking service providers must comply with the Anti-Money Laundering Act 2010 and SBP AML/CFT Regulations, which require customer identification through NADRA's biometric verification and transaction monitoring for suspicious activity reporting to the Financial Monitoring Unit (FMU) of Pakistan.
Unauthorised access to mobile banking in Pakistan constitutes a criminal offence under Section 3 of the Prevention of Electronic Crimes Act 2016 (PECA 2016), which criminalises unauthorised access to an information system, carrying imprisonment of up to two years and a fine of up to PKR 500,000. If funds are fraudulently transferred, additional charges under Section 419 and 420 of the Pakistan Penal Code 1860 (cheating and dishonestly inducing delivery of property) may apply, with imprisonment of up to seven years. The victim should immediately contact their bank to freeze the account and file a complaint with the FIA Cybercrime Wing (www.fia.gov.pk) and the SBP Banking Conduct and Consumer Protection Department (BCCP). The bank is required under SBP Consumer Protection Regulations to investigate and provide a written response within 30 days. SIM swapping fraud — where fraudsters obtain a duplicate SIM from a PTA-registered retailer — is a common vector; victims should also report to PTA's consumer complaint portal.
Yes. For joint bank accounts, mobile banking access may be granted to one or both account holders, depending on the bank's operational rules and the joint account mandate (either-or-survivor, joint operation, or any-one-to-sign). The Mobile Banking Consent Form for a joint account should specify which account holder(s) are authorised to operate mobile banking, the scope of each holder's authority, and whether transaction alerts will be sent to one or both registered mobile numbers. Under SBP Consumer Protection Regulations, the bank must maintain a separate audit trail for transactions by each authorised user. In the event of a dispute between joint account holders, the bank will rely on the signed consent form to determine the scope of each holder's authorised access. Changes to joint banking mandates require fresh consent documentation signed by all account holders.
The Personal Data Protection Act 2023 (PDPA 2023) introduced formal data protection requirements in Pakistan that directly affect mobile banking consent documentation. Under the PDPA 2023, banks must obtain freely given, specific, informed, and unambiguous consent from customers before processing their personal financial data through mobile banking platforms. The consent form must clearly state the purpose for which data is collected (transaction processing, fraud prevention, credit scoring, regulatory reporting), the categories of data processed (transaction history, location data, device identifiers), the third parties with whom data is shared (SBP, FMU, eCIB, NIFT, 1-Link), and the retention period. Customers have the right under the PDPA 2023 to withdraw consent, access their data, and request correction of inaccurate data. The National Commission for Personal Data Protection (NCPDP), established under the PDPA 2023, oversees enforcement. Banks that process mobile banking data without adequate PDPA 2023-compliant consent face regulatory penalties.
RAAST is Pakistan's first instant payment system, launched in 2021 by the State Bank of Pakistan under the National Payment Systems Strategy. RAAST enables real-time fund transfers between bank accounts using the recipient's CNIC number, mobile phone number, or IBAN — eliminating the need for lengthy IBFT processing through NIFT. RAAST is governed by the Payment Systems and Electronic Fund Transfers Act 2007 and the SBP's RAAST Operating Rules. When a customer activates RAAST ID through their bank's mobile application, they provide consent for the bank to link their mobile number or CNIC to the national RAAST directory maintained by the SBP. The Mobile Banking Consent Form should specifically address RAAST enrollment — including consent to receive incoming transfers from any RAAST participant based on the linked identifier — because this means anyone who knows the customer's CNIC or phone number can initiate a transfer to their account without needing the IBAN. Customers should review and understand RAAST ID implications before activation.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Bank Account Mandate (Pakistan)
A Bank Account Mandate for Pakistan — a formal instruction to a bank authorizing a third party to operate an account on the account holder's behalf, governed by the State Bank of Pakistan Act 1956 and SBP KYC regulations, executed on the bank's prescribed form and signed by all account holders.
AML/KYC Declaration Form (Pakistan)
An AML/KYC Declaration Form for Pakistan — a customer due diligence document submitted to banks, NBFCs, and financial institutions under the Anti-Money Laundering Act 2010, FATF recommendations, and State Bank of Pakistan's AML/CFT Regulations.
Mobile Phone Sale Agreement (Pakistan)
A Mobile Phone Sale Agreement for Pakistan — a written contract recording the sale and purchase of a mobile phone between private parties, governed by the Sale of Goods Act 1930, Contract Act 1872, and Pakistan Telecommunication Authority device registration requirements under DIRBS.
Authorization Letter (Pakistan)
An Authorization Letter for Pakistan — a formal written document granting another person authority to act on the writer's behalf for a specific purpose, governed by the Contract Act 1872, executed on plain or stamp paper and used across government, banking, and institutional contexts.
Privacy Policy (Pakistan)
A Privacy Policy for businesses operating in Pakistan, compliant with the Prevention of Electronic Crimes Act 2016 (PECA) and the Personal Data Protection Bill framework, covering data collection, use, and user rights.