Pakistan Telecommunication Authority has partnered with Meta to introduce a new security mechanism aimed at curbing the rising number of hacking incidents on WhatsApp in Pakistan. The initiative centres on a dual One Time Password system designed to provide an additional layer of protection for users whose accounts are targeted through social engineering and unauthorised access attempts. The move comes amid growing concerns over digital fraud cases in which attackers manipulate victims into sharing verification codes, subsequently taking control of their messaging accounts and exploiting personal contact lists for financial scams.
Under the proposed system, a second One Time Password will be automatically generated if the first code is compromised or mistakenly shared. Officials explained that if a user realises the initial verification code has been exposed to a third party, they will be able to use the secondary code to immediately reclaim control of their account before it is fully taken over. The feature, referred to as Meta One Time Password, generates the additional code three minutes after the original password is issued. This built-in delay is intended to create a limited recovery window that can prevent permanent account loss while maintaining the integrity of the authentication process. According to officials familiar with the development, technical discussions between PTA and Meta have already been completed at an advanced stage, with final consultations expected shortly before formal deployment.
Authorities indicated that Pakistan will serve as the first market where this dual verification mechanism is rolled out, after which it may be extended to other jurisdictions. The decision to prioritise Pakistan reflects the scale of recent complaints received by regulators regarding account takeovers and financial fraud linked to compromised messaging accounts. PTA officials stated that Meta agreed to implement the enhanced security layer following repeated engagements focused on strengthening consumer protection and improving safeguards for local users. The regulator has increasingly emphasised collaborative approaches with global technology platforms to address vulnerabilities that expose citizens to online exploitation.
Law enforcement and regulatory bodies have reported a sharp increase in WhatsApp related fraud, particularly schemes in which attackers impersonate courier representatives, bank officials, or customer service agents to trick users into sharing their One Time Passwords. Once access is secured, perpetrators often message contacts saved in the victim’s phone, requesting urgent financial assistance or posing as the account holder to solicit funds. In some cases, identity details are also misused for broader financial deception. By introducing a secondary recovery code, PTA and Meta aim to disrupt this cycle and reduce the success rate of such tactics. The initiative forms part of wider efforts to enhance digital safety standards and strengthen trust in online communication platforms operating within Pakistan’s rapidly expanding digital ecosystem.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.