PTA fines Zong Rs. 116.7 million in one of the most significant SIM-issuance penalties issued by Pakistan’s telecom regulator in recent memory. The fine, directed under Section 23 of the Pakistan Telecommunication Authority‘s governing legislation, follows a detailed 16-page enforcement order that exposes serious gaps in how Zong monitored its franchise network. The case is a sharp reminder that SIM fraud is not just a consumer nuisance, it is a regulated offence with heavy financial consequences for operators who let it happen.
PTA Fines Zong: How the Case Started
The investigation began with a single citizen complaint. A subscriber discovered that two SIM cards had been registered against their CNIC (National Database and Registration Authority) without their knowledge or physical presence. PTA took the complaint seriously and launched a formal inquiry.
Acting on that inquiry, PTA raided two Lahore-based Zong franchise outlets in October 2025. During those raids, officials recovered biometric verification devices, laptops, mobile phones, and hundreds of suspicious SIM cards. A separate but related account from PTA’s own enforcement records also points to franchise networks in Islamabad and Karachi being implicated in the broader chain of unauthorised activations.
What Zong Actually Did Wrong
The enforcement order identified three core failures on Zong’s part:
- No physical presence verification: Zong failed to confirm that subscribers were physically present at the outlet when their SIMs were being activated.
- Live Finger Detection (LFD) not enforced: Biometric devices at the implicated franchises were not running LFD, a critical feature designed to detect fake or replicated fingerprints. Without it, bad actors can use spoofed biometrics to register SIMs against someone else’s CNIC.
- Weak franchise monitoring: Zong’s internal compliance system was not robust enough to flag irregular SIM activation patterns at the retail level, allowing the abuse to continue undetected.
PTA concluded that these lapses severely compromised the security and integrity of Pakistan’s SIM issuance regime.
Zong’s Defence and Why PTA Rejected It
Zong pushed back. The company maintained that all SIM activations were processed through PTA-approved biometric procedures and that its internal reviews found no evidence of system manipulation or biometric failures. Zong argued the flagged devices handled only a tiny fraction of total franchise sales, and that internal compliance alerts never triggered because demographic and geographic trends stayed within normal limits.
The company also pointed to corrective steps it had taken: blacklisting the individuals involved, blocking hundreds of suspicious SIMs for re-verification, and taking action against the responsible franchisees. One franchise in Islamabad had an employee removed; the Karachi outlet was fined; over 800 mobile numbers linked to the concerned sales staff were suspended pending re-verification.
PTA was not persuaded. The regulator firmly rejected the argument that franchisees carry their own separate liability. The Subscribers Antecedents Verification Regulations place full responsibility on the operator for every SIM sold through any channel, direct or indirect. Zong’s weak enforcement is precisely what allowed the unauthorised SIMs to be activated in the first place.
PTA directed Zong to deposit the Rs. 116.7 million fine within 10 days, warning that failure to comply would trigger further legal proceedings.
Not an Isolated Case: Telenor and Others Also Penalised
This penalty against Zong did not come in isolation. In the same enforcement cycle, Telenor Pakistan received a matching Rs. 116.7 million fine after PTA uncovered an unauthorised sales operation inside Khyber Teaching Hospital in Peshawar. PTA officials found that CRM access had been extended to the hospital kiosk through a VPN connection, allowing the stall operator to activate SIMs and perform sensitive subscriber transactions without proper authorisation. When Telenor claimed it had terminated the employee and fixed the issue, a follow-up visit found the same person operating from the same stall with the same equipment. PTA fined Telenor for those exact failures.
Earlier records show Jazz and Ufone also received penalties of Rs. 77.8 million each for biometric registration failures. The pattern is clear: PTA is no longer issuing warnings. It is issuing invoices.
For more context on how Pakistan’s telecom regulatory landscape is evolving alongside network expansion, see our coverage of the Ericsson Mobility Report 2026 and Pakistan’s 5G outlook.
What This Means for All Pakistani Telcos
The regulatory message from PTA is direct: operators are accountable for the full sales chain, not just what happens inside their own offices. A retailer at a corner market, a kiosk inside a hospital, a franchise in a busy commercial area, if a SIM is sold on that network, the operator owns the compliance outcome.
This enforcement wave is pushing telcos to invest more heavily in franchise audits, device-level compliance checks, and real-time anomaly detection across their retail networks. The LFD requirement, in particular, is non-negotiable, and PTA has shown it will check.
Looking further ahead, PTA is also moving toward a dual biometric system for SIM issuance. Alongside the current fingerprint scan, mandatory facial verification is being introduced as a second authentication factor. This upgrade directly targets the kind of spoofed-fingerprint fraud that LFD failures enable. For Pakistani consumers, this means getting a new SIM will soon require both a fingerprint scan and a facial scan at the franchise counter.
What Pakistani Consumers Need to Know
The Zong case started with one person checking whether unknown SIMs were registered to their CNIC. That is a check every Pakistani mobile user should run regularly. Here is what you need to know:
- Check your SIMs for free: Send your 13-digit CNIC number (without dashes) as an SMS to 668 from any network. You will receive a count of all SIMs registered against your identity across all operators. You can also visit cnic.sims.pk online for a full breakdown with activation dates.
- The legal SIM cap: Under current PTA rules, a CNIC holder may hold a maximum of 5 voice SIMs and 3 data SIMs across all operators combined, 8 in total. If 668 shows more than you own, act immediately.
- If you find an unauthorised SIM: Visit the relevant operator’s official franchise with your original CNIC and request the SIM be disowned. File a complaint with PTA at 0800-55055 to create a legal record. Also notify your bank and mobile wallet provider, since an unauthorised SIM can be used to intercept OTPs and drain financial accounts.
- Guard your CNIC: Fraudsters only need a visual copy of your ID to attempt fake biometric registrations. Do not leave photocopies at shops or share CNIC photos casually.
- The new 365-day rule: PTA has extended the SIM activation restriction period to 365 days. A newly issued SIM cannot be deactivated, transferred, or disowned for one full year after activation. This makes early detection even more critical, the sooner you spot an unauthorised SIM, the sooner you can begin the formal process.
Frequently Asked Questions
Why did PTA fines Zong Rs. 116.7 million specifically?
The amount was imposed under Section 23 of the Pakistan Telecommunication (Re-organization) Act, 1996, following a 16-page enforcement order that found Zong guilty of failing to verify subscriber physical presence, not enforcing Live Finger Detection on its biometric devices, and running an inadequate franchise monitoring system. The same fine amount was applied to Telenor in a separate but concurrent case.
Can a telecom operator blame its franchisee for illegal SIM issuance?
No. PTA’s Subscribers Antecedents Verification Regulations explicitly place full responsibility on the licensed operator for every SIM sold on its network, whether through a company-owned outlet or an independent franchisee. Zong tried this argument and PTA rejected it outright.
How can I check if someone has registered a SIM on my CNIC without my consent?
Send your 13-digit CNIC number (no dashes) via SMS to 668 from any Pakistani network. The reply shows how many SIMs are registered against your identity across all operators. You can also use the government web portal cnic.sims.pk for a full breakdown. If you find SIMs you do not recognise, visit the relevant operator’s franchise immediately with your original CNIC to disown them, and call PTA at 0800-55055 to file a formal complaint.
What is Live Finger Detection (LFD) and why does it matter?
LFD is a security feature built into biometric verification devices that detects whether a fingerprint being scanned belongs to a live human finger or a fake replica, such as a silicone mould or a lifted print. Without LFD active, fraudsters can use artificial fingerprints to register SIMs against someone else’s CNIC even when the real owner is not present. PTA found that Zong’s implicated franchise devices were not running this feature, which is what allowed the fraudulent activations to occur.