PECA 2016 SIM Fraud Law Pakistan — What Is Illegal and What Are the Exact Penalties (2026)

Last Verified: June 2026 | By SimOwner.net.pk Editorial Team — Pakistan’s SIM fraud legal documentation specialists since 2015


The Prevention of Electronic Crimes Act 2016 (PECA) is Pakistan’s foundational cybercrime legislation — and understanding exactly what it criminalizes, what penalties apply, and how each provision relates specifically to SIM fraud gives you the legal knowledge needed to understand your rights as a victim, recognize when a crime has been committed against you, and engage effectively with law enforcement and legal processes.

This guide provides a comprehensive, section-by-section breakdown of every PECA 2016 provision relevant to SIM fraud — with exact penalty amounts, plain-language explanation of what conduct each section prohibits, and practical examples of how each section applies to real SIM fraud scenarios documented in Pakistan.

This is not a substitute for legal advice from a qualified advocate — but it gives you the foundational legal literacy to understand your situation and communicate effectively with FIA, police, and legal counsel. Check your current SIM registration status at SimOwner.net.pk as the practical first step alongside this legal understanding.


PECA 2016 — Legislative Background

The Prevention of Electronic Crimes Act 2016 was enacted by Pakistan’s Parliament to create a comprehensive legal framework addressing crimes committed through electronic and digital means — an area that previously had limited or ambiguous legal coverage under Pakistan’s older Pakistan Penal Code (PPC) provisions.

PECA established:

  • Specific definitions for electronic crimes
  • Clear penalties for each category of offence
  • Investigative powers for FIA’s Cybercrime Wing
  • Procedural frameworks for evidence collection and prosecution
  • Jurisdiction provisions for crimes with electronic/digital elements

For SIM fraud specifically, PECA provides the primary legal basis — because SIM registration, biometric verification, and the resulting fraud all occur within “information systems” as defined by the Act.


Section 14 — Unauthorized Access to Information System or Data

What It Prohibits

Section 14 criminalizes intentionally gaining unauthorized access to any information system or data. “Information system” under PECA’s definitions includes electronic systems used for processing, storing, or transmitting data — which encompasses network operator SIM registration systems, PTA’s SVMS, and NADRA’s MBVS.

How It Applies to SIM Fraud

When a criminal — or a complicit franchise employee acting on a criminal’s behalf — accesses the SIM registration system to process a fraudulent registration without proper authorization (i.e., without the legitimate CNIC holder’s consent), this constitutes unauthorized access under Section 14.

Penalty

Imprisonment: Up to 3 months Fine: Up to Rs. 50,000 Or both

Practical Example

A franchise employee logs into the SIM registration terminal and processes a registration for “John’s CNIC” without John’s knowledge or biometric verification — at the direction of a criminal who paid a bribe. This unauthorized access to the registration system violates Section 14.


Section 15 — Unauthorized Copying or Transmission of Data

What It Prohibits

Section 15 criminalizes the unauthorized copying, transmission, or dissemination of data from any information system without authorization.

How It Applies to SIM Fraud

When CNIC numbers, subscriber data, or biometric information is copied from operator systems or breach databases and transmitted to facilitate fraud, this constitutes a Section 15 violation — separate from and additional to the actual fraudulent SIM registration.

Penalty

Imprisonment: Up to 6 months Fine: Up to Rs. 100,000 Or both

Practical Example

A criminal obtains a database of Pakistani subscriber CNIC numbers (from a breach source) and transmits this data to associates who will use it for fraudulent SIM registration attempts. The act of copying and transmitting this stolen data is itself a separate Section 15 offence.


Section 16 — Identity Information Crimes (The Primary SIM Fraud Provision)

What It Prohibits

Section 16 is the most directly applicable provision for SIM fraud cases. It criminalizes obtaining, selling, possessing, transmitting, or using the identity information of another person — without authorization — with the intent to commit, or aiding in the commission of, a crime.

“Identity information” under PECA explicitly includes: name, CNIC number, address, biometric data, and other identifying information.

How It Applies to SIM Fraud

This is the core provision that directly addresses the act of using someone’s CNIC number and identity to register a SIM without their consent. Virtually every SIM fraud case in Pakistan involves a Section 16 violation as the central charge.

Penalty

Imprisonment: Up to 3 years Fine: Up to Rs. 5,000,000 Or both

This is the most serious penalty among the primary SIM-fraud-relevant sections — reflecting the seriousness with which Pakistani law treats identity-based fraud.

Practical Example

A criminal obtains a victim’s CNIC number from a data breach and uses it to register a SIM card in the victim’s name without their knowledge, in order to commit further financial fraud. This is a textbook Section 16 violation — the primary charge in nearly all FIA SIM fraud prosecutions.


Section 17 — Unauthorized Interception

What It Prohibits

Section 17 criminalizes intercepting, causing interception, or attempting to intercept any communication transmitted through an information system or network without lawful authorization.

How It Applies to SIM Fraud

When a fraudulently registered SIM (via SIM swap or unauthorized registration) is used to intercept OTPs, banking communications, or other electronic messages intended for the legitimate account holder, this constitutes interception under Section 17 — in addition to the identity crime under Section 16.

Penalty

Imprisonment: Up to 2 years Fine: Up to Rs. 500,000 Or both

Practical Example

After fraudulently obtaining a victim’s SIM through SIM swap, a criminal intercepts SMS OTPs sent by the victim’s bank, enabling unauthorized transactions. The interception of these OTP messages is a Section 17 violation, prosecuted alongside the Section 16 identity crime and Section 21 electronic fraud.


Section 18 — Offences Against Critical Infrastructure (Limited SIM Fraud Relevance)

What It Prohibits

Section 18 addresses crimes against critical information infrastructure — generally relevant to attacks on essential services rather than individual SIM fraud cases.

SIM Fraud Relevance

This provision is generally not applicable to typical individual SIM fraud cases but could become relevant in cases involving large-scale, coordinated attacks on telecom infrastructure itself (distinct from individual fraudulent registrations).


Section 19 — Offences Against Dignity of a Natural Person

What It Prohibits

Section 19 criminalizes the use of electronic means — including SIM-enabled communications — to harass a person through repeated unwanted contact, or to publish/transmit false and obscene material intended to harm someone’s dignity.

How It Applies to SIM Fraud

When a fraudulently obtained SIM (through swap or unauthorized registration) is used to harass the victim’s contacts — for example, sending inappropriate messages from the victim’s WhatsApp after a SIM swap takeover — Section 19 applies in addition to the underlying identity crime.

Penalty

Imprisonment: Up to 3 years Fine: Up to Rs. 1,000,000 Or both


Section 20 — Offences Against Modesty and Minors

What It Prohibits

This section addresses the most serious category — non-consensual sharing of intimate content, content threatening modesty, and material involving minors in harmful contexts.

How It Applies to SIM Fraud

When SIM fraud (such as WhatsApp account takeover via SIM swap) is used as the mechanism to access and subsequently distribute intimate content from a victim’s accounts, Section 20 applies — carrying the most severe penalties among the SIM-fraud-relevant provisions.

Penalty

Imprisonment: Up to 7 years Fine: Up to Rs. 5,000,000 Or both


Section 21 — Electronic Fraud

What It Prohibits

Section 21 criminalizes dishonest or fraudulent input, alteration, deletion, or suppression of data, or interference with an information system’s functioning, to gain illegal benefit or cause harm.

How It Applies to SIM Fraud

When SIM fraud results in actual financial loss — unauthorized JazzCash withdrawals, bank transfers via intercepted OTPs, fraudulent microloans taken using a victim’s identity — Section 21 applies as the financial crime charge alongside the underlying Section 16 identity crime.

Penalty

Imprisonment: Up to 2 years Fine: Up to Rs. 10,000,000 (the highest fine among the commonly applicable sections) Or both

Practical Example

A criminal who obtained a fraudulent SIM uses it to intercept banking OTPs and transfer Rs. 200,000 from the victim’s account. This is prosecuted under Section 21 (electronic fraud) in combination with Section 16 (identity crime) and Section 17 (interception).


How Multiple Sections Combine in a Typical SIM Fraud Case

Real Pakistani SIM fraud prosecutions typically charge multiple PECA sections simultaneously, reflecting the multi-faceted nature of the crime:

Typical SIM swap fraud with financial loss charges:

  • Section 14 (unauthorized access to registration system)
  • Section 16 (identity information crime — primary charge)
  • Section 17 (interception of OTP communications)
  • Section 21 (electronic fraud — financial loss)

Typical WhatsApp takeover via SIM swap with harassment of contacts:

  • Section 16 (identity crime)
  • Section 19 (harassment of contacts)

Typical sextortion case enabled by SIM fraud:

  • Section 16 (identity crime)
  • Section 20 (modesty offence — highest penalty)
  • Section 21 (if financial extortion occurred)

Understanding this combination helps you ensure your FIR and FIA complaint cite every applicable section relevant to your specific fraud scenario — maximizing the legal basis for prosecution.


PECA’s Investigative and Procedural Provisions

Beyond the substantive crime definitions, PECA includes important procedural provisions relevant to SIM fraud victims:

Section 31 — Preservation of data: Allows FIA to issue orders preserving evidence (CDRs, registration records) before they are deleted per normal retention schedules.

Section 32 — Real-time collection and recording: Provides FIA investigative authority to collect data relevant to ongoing investigations.

Section 34 — Production orders: Allows courts to compel service providers (network operators) to produce subscriber information and records.

These provisions are why filing your FIA complaint promptly matters — they trigger the evidence preservation mechanisms that protect your case before critical evidence (like franchise CCTV footage, typically retained only 30-90 days) is lost.


Cognizable vs Non-Cognizable Offences Under PECA

All the SIM-fraud-relevant PECA sections discussed (14, 15, 16, 17, 19, 20, 21) are classified as cognizable offences — meaning:

  • Police can register an FIR without requiring a magistrate’s prior order
  • Police have authority to arrest without warrant for these offences
  • This is why police cannot legally refuse to register an FIR for documented SIM fraud — as detailed in our comprehensive FIR guide

Civil Remedies Alongside Criminal Prosecution

PECA’s criminal provisions exist alongside civil legal remedies. A SIM fraud victim can pursue:

Criminal prosecution: Through FIA/police under the PECA sections detailed above — results in imprisonment and fines paid to the state, not directly to the victim.

Civil suit for damages: Separately, a victim can file a civil suit against the identified perpetrator (once identified through criminal investigation) seeking monetary compensation for financial losses, emotional distress, and other damages — this requires a lawyer and is a parallel, separate legal process from the criminal case.

Banking/financial reversal: As detailed in our bank reversal guide, financial recovery through bank/wallet dispute processes operates independently of the criminal case timeline, though documentation from the criminal complaint strengthens reversal claims.


Frequently Asked Questions

Q: Can a minor be charged under PECA for SIM fraud?
A: Pakistan’s Juvenile Justice System Act 2018 governs criminal proceedings against minors (under 18), providing different procedural protections and consequences compared to adult prosecution under PECA. A minor involved in SIM fraud would face proceedings under the juvenile justice framework while PECA’s substantive provisions still define what conduct is illegal.

Q: Is there a time limit for filing a PECA complaint after SIM fraud occurs?
A: PECA does not specify especially short limitation periods for its offences — general criminal limitation principles under Pakistani law apply, which for most offences extends to several years. However, practical evidence preservation (CDRs, CCTV footage) deteriorates much faster than the legal limitation period, making prompt filing important regardless of the technical limitation period.

Q: Can I be charged under PECA if a SIM was fraudulently registered in my name and used for crimes I did not commit?
A: No — being the victim of identity fraud (someone using your CNIC to register a SIM without your knowledge) does not make you criminally liable for what the criminal subsequently did with that SIM. Your FIA complaint, FIR, and supporting evidence establish you as the victim, not the perpetrator. If you face any questioning, your documented fraud reports are your protection.

Q: Do PECA penalties increase for repeat offenders?
A: PECA does not include a generalized repeat-offender enhancement clause across all sections in the way some criminal statutes do, though courts have discretion in sentencing within the statutory ranges, and an established pattern of offending (multiple SIM fraud victims, for example) is a relevant sentencing factor for judges.

Q: How does PECA interact with the Pakistan Penal Code for SIM fraud cases?
A: Where conduct also violates traditional PPC provisions (such as cheating or forgery under the PPC), prosecutors may charge both PECA and relevant PPC sections, depending on case specifics. A qualified advocate can advise on the optimal charging strategy for complex cases involving both digital and traditional fraud elements.


Summary: PECA 2016 Sections Relevant to SIM Fraud

SectionOffenceMax ImprisonmentMax Fine
14Unauthorized access to information system3 monthsRs. 50,000
15Unauthorized copying/transmission of data6 monthsRs. 100,000
16Identity information crimes (PRIMARY)3 yearsRs. 5,000,000
17Unauthorized interception2 yearsRs. 500,000
19Offences against dignity (harassment)3 yearsRs. 1,000,000
20Offences against modesty/minors7 yearsRs. 5,000,000
21Electronic fraud2 yearsRs. 10,000,000

For Pakistan’s most comprehensive SIM fraud legal documentation, FIR guidance, and CNIC protection resources, visit Sim Owner Details — Pakistan’s trusted SIM information resource since 2015.


All PECA 2016 sections and penalties cited as currently in force as of June 2026. SimOwner.net.pk is not a law firm — this guide is for educational purposes. Consult a qualified Pakistani advocate for legal advice specific to your situation.

Related Guides on SimOwner.net.pk:

Leave a Comment