SadaPay's Turkish owner faces money laundering probe
Listen to article
Papara — a Turkish financial technology company that acquired Pakistan's leading fintech SadaPay in May 2024 — is currently under investigation by Turkish authorities for alleged involvement in money laundering, illegal betting, and other financial crimes.
The company's founder and CEO, Ahmed Faruk Karsl?, has been detained along with 12 others as part of a sweeping law enforcement operation.
According to a report by Turkiyetoday.com, the Istanbul Chief Public Prosecutor's Office confirmed that Karsl? was taken into custody during coordinated early morning raids across Istanbul. Authorities have seized a wide range of assets linked to the suspected criminal network, including eight businesses under PPR Holding Inc., multiple properties, luxury vehicles, yachts, and cryptocurrency wallets.
The investigation, supported by data from the Central Bank of the Republic of Turkey (CBRT), the Financial Crimes Investigation Board (MASAK), and other regulatory bodies, revealed that Papara's platform was allegedly used to facilitate illegal financial transactions.
Investigators found that 102 of the 26,012 user accounts created through Papara's technology were directly involved in high-volume illegal betting and fund transfers. These transactions were routed through 274 different bank accounts and eventually funneled into 16 cryptocurrency wallets as part of an elaborate money laundering scheme.
Turkish Interior Minister Ali Yerlikaya stated that 13 individuals have been detained and that assets of the companies and suspects involved have been frozen. The financial crimes unit estimates that the illicit transactions amounted to over 12.9 billion Turkish lira (approximately $330 million).
Papara, which reportedly has over 21 million users and a valuation exceeding $2 billion, acquired Pakistan-based SadaPaya licensed Electronic Money Institution (EMI) regulated by the State Bank of Pakistan — exactly one year ago. However, Pakistani authorities have not yet reported any links between the Turkish investigation and SadaPay's operations in Pakistan.
Industry experts believe that the developments in Turkey necessitate a careful review by Pakistani regulators. A fintech analyst Muhammad Yasir urged the State Bank of Pakistan (SBP) to closely monitor local fintech operators associated with foreign sponsors.
"This case highlights the need for enhanced regulatory oversight and continuous due diligence," noted Yasir, adding, "While the allegations pertain to activities in Turkey, the reputational impact on SadaPay is inevitable. SBP must re-evaluate its existing EMI regulations and adopt a proactive approach to managing cross-border financial risks."
He added that as financial technologies evolved and cyber-financial crimes grew increasingly sophisticated, Pakistan's regulatory framework must be regularly updated to safeguard consumer interests and the integrity of the national financial system.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Express Tribune
3 hours ago
- Express Tribune
DPM Dar, acting Afghan FM Muttaqi reaffirm support for UAP Railway Line Project
Listen to article Deputy Prime Minister and Foreign Minister Ishaq Dar and Afghanistan's Acting Foreign Minister Amir Khan Muttaqi on Sunday reaffirmed their commitment to advancing the Uzbekistan-Afghanistan-Pakistan (UAP) Railway Line Project, calling it a vital step for enhancing regional connectivity. In a phone conversation, the two ministers underscored the strategic importance of the proposed railway corridor and agreed to work closely for the early finalisation of its framework agreement, according to a statement from Pakistan's Foreign Office. Muttaqi welcomed Pakistan's decision to upgrade diplomatic relations with Kabul to the ambassadorial level and confirmed Afghanistan would reciprocate the move. He termed the decision a 'positive development' for bilateral ties. The conversation also served as a follow-up to Dar's visit to Kabul on 19 April 2025. READ: Islamabad, Kabul eye joint fix for TTP Both sides reviewed the implementation of key decisions taken during that trip and reiterated their shared commitment to strengthening mutual trust and cooperation. Last month, Pakistan and Afghanistan agreed to ensure the dignified and orderly repatriation of undocumented Afghan nationals, amid tensions over Islamabad's deportation campaign. Dar's first trip to Afghanistan since assuming office focused on defusing friction and restarting stalled cooperation on security and regional connectivity. During his meetings with Acting Afghan Foreign Minister Amir Khan Muttaqi, Dar stressed the need to manage cross-border security, combat militancy, and strengthen bilateral trade. The ministers agreed to finalise a joint committee of intelligence and interior ministry officials to address counterterrorism and border management concerns. The two sides also reached consensus on enhancing regional economic links through initiatives like the CASA-1000 power project and the transnational Uzbekistan-Afghanistan-Pakistan railway.
Business Recorder
8 hours ago
- Business Recorder
Trump says withdrawing Musk ally as nominee to head NASA
WASHINGTON: US President Donald Trump said Saturday he was withdrawing his nomination of tech billionaire Jared Isaacman, a close ally of Elon Musk, to lead space agency NASA. Trump said last December, before returning to office, that he wanted the online payments entrepreneur and the first private astronaut to conduct a spacewalk to serve as the next head of NASA. But on Saturday, he said on his Truth Social platform that 'after a thorough review of prior associations, I am hereby withdrawing the nomination of Jared Isaacman to head NASA.' 'I will soon announce a new Nominee who will be Mission aligned, and put America First in Space.' Earlier Saturday, the New York Times had reported the move was coming, quoting unnamed sources as saying the decision had come after the president learned Isaacman had donated money to prominent Democrats. Asked about that report, the White House had told AFP in an email that it was 'essential that the next leader of NASA is in complete alignment with President Trump's America First agenda.' 'The Administrator of NASA will help lead humanity into space and execute President Trump's bold mission of planting the American flag on the planet Mars,' it said. The nomination shakeup appears to be a snub of billionaire Musk, who on Friday stepped back from his role leading Trump's so-called Department of Government Efficiency (DOGE). Musk reportedly lobbied directly with the president for Isaacman, who has had significant business dealings with Musk's SpaceX, to get the top NASA job, raising questions of possible conflicts of interest. As the news surfaced, Musk stressed on X that 'it is rare to find someone so competent and good-arted'. Trump says Pakistani representatives coming to US next week for trade talks The 42-year-old founder and CEO of Shift4 Payments has emerged as a leading figure in commercial spaceflight through his high-profile collaborations with SpaceX. He made history last September by stepping out of a Crew Dragon to gaze at Earth from the void of space while gripping the spacecraft's exterior, during the first-ever spacewalk carried out by non-professional astronauts.
Express Tribune
9 hours ago
- Express Tribune
Cracks in Pakistan's digital armour
A shocking global data breach has compromised the Internet user credentials for over 180 million Pakistanis, according to a recent advisory from the National Cyber Emergency Response Team of Pakistan (PKCERT), exposing serious vulnerabilities and systemic gaps within the country's cybersecurity, law enforcement and legal frameworks. The exposed data includes usernames, passwords, emails, and URLs linked to widely used online services, noted the advisory issued Monday. The services affected range from global tech giants like Google, Apple, Microsoft, Facebook, Instagram and Snapchat, to critical platforms including government portals, banks, educational institutions and healthcare providers. The breach originated from info-stealer malware, a type of malicious software that silently extracts sensitive information from infected devices and transmits it back to cybercriminals. Alarmingly, the stolen data was left completely unencrypted and openly accessible online, providing a goldmine for hackers. This exposure immediately places millions of Pakistani Internet users at risk of identity theft, financial fraud, account takeovers and targeted phishing attacks. It highlights users' widespread habit of password reuse — with just one compromised password, attackers can potentially access multiple accounts across different platforms. The fallout is already fueling a surge in 'credential stuffing' attacks, an automated technique in which hackers test stolen username-password combinations across various websites to hijack accounts. As this data circulates freely online, the scale and speed of such attacks are expected to rise, compounding the threat to Pakistan's digital ecosystem. Data breaches are occurring with increasing frequency and severity around the world. The 2023 Verizon Data Breach Investigations Report found that over 80 per cent of breaches involved compromised credentials, one of the most common and effective cyberattack vectors. While this is a global trend, Pakistan faces additional challenges due to its limited cybersecurity infrastructure and low levels of public awareness. As highlighted in Trends in Cyber Breaches Globally, the country mirrors international patterns in terms of threats but lacks the institutional resilience and public preparedness necessary to respond effectively. This latest breach pulls back the curtain on the recurring and alarming vulnerabilities within Pakistan's digital ecosystem. Between 2019 and 2023, over 2.7 million citizens' records from the National Database and Registration Authority (NADRA) were compromised. When a Joint Investigation Team uncovered the NADRA leak, they found personal information of citizens gathered from Karachi, Multan and Peshawar, underscoring how key parts of the country remain highly susceptible to cyber threats. Such incidents not only compromise individual privacy but also erode public confidence in digital governance, making the need for strong security measures even more urgent. In the wake of the breach, Pakistan's digital security has come under intense international scrutiny. Global partners and investors are questioning the country's capacity to safeguard sensitive data in the face of repeated large-scale leaks. Cybersecurity risks are a key part of international due diligence, and a poor track record significantly diminishes Pakistan's appeal to foreign direct investment (FDI). Digital insecurity doesn't just deter investment, it also jeopardises international partnerships, technology transfers and broader participation in the global digital economy. The reputational damage from such incidents is not easily reversed, and demands wide-ranging reforms and demonstrable improvements. PKCERT has advised the public to immediately change their passwords, ensuring they are strong and unique for each online account. It also recommends enabling multi-factor authentication (MFA) wherever possible. MFA adds an extra layer of security by requiring an additional form of verification — such as a one-time password (OTP), biometric scan or hardware token — alongside the standard password, all but eliminating the risk of unauthorised access, even if a user's password is compromised. That said, cybersecurity responsibility should not fall solely on individuals. The recent breach of a local news channel's databases illustrates a more serious systemic problem: the profound disconnect between rapid advances in technology and the ability of Pakistan's law enforcement, judiciary and legal practitioners to keep up. Investigating cybercrime to an acceptable degree requires a unique blend of technical, legal and forensic skillsets. Digital forensics, malware analysis and cyberthreat intelligence are areas where Pakistan's investigation officers are often inadequately trained and resource-deficient. Unlike traditional crimes that cross geography and national boundaries slowly, cybercrimes can propagate instantly. Tracing the electronic trail they leave behind requires specialists with the right skills and technology. Lack of it leads to poor evidence gathering, resulting in weak prosecution. Lawyers and judicial officers face challenges too. Judges hearing cybercrime cases need to understand complex technical evidence and means used to obtain it. Prosecutors and defence lawyers must, likewise, be familiar with the technicalities of digital evidence, which requires constant multidisciplinary study. Often the divide between technological complexity and legal capacity means justice is delayed or denied, a vulnerability cybercriminals exploit with impunity. The Prevention of Electronic Crimes Act (PECA) 2016 more or less covers cyber offences like unauthorised access, data breaches, electronic fraud and forgery, and cyberterrorism. It also provides outlines the framework for digital evidence and the investigation procedure. However, implementation remains challenging. Law enforcement is still developing awareness and capacity to address crimes under PECA, even as they must stay updated on rapidly evolving threats. Meanwhile, dedicated cybercrime courts and specialised prosecution units remain in early stages of development. Cyber law is rapidly evolving worldwide to address issues related to data privacy, protection, and cross-jurisdictional enforcement. A leading example is the European Union's General Data Protection Regulation, which has set a global benchmark with its stringent requirements on data handling and breach notifications. Pakistan's lawmakers and regulators can learn from such models to develop strong data protection frameworks that mandate encryption of sensitive information and require prompt disclosure of data breaches. Academic institutions and educational programmes have a vital role to play as bridges between technology developers, legal experts and law enforcement agencies. Pakistani universities are increasingly offering degrees and diplomas in cyber-related fields, equipping professionals to tackle cyber threat from multiple perspectives. By integrating computer science, criminology and legal studies, scholars and educators are crafting interdisciplinary curricula that prepare a new generation of experts fluent in both technological systems and regulatory frameworks. While demand for skilled cyber law professionals continues to grow, the current supply remains insufficient. To bridge this gap, universities and research institutions must expand their role by prioritizing applied research, interdisciplinary training, and partnerships with law enforcement. These collaborations should focus on hands-on training programmes, internships, and joint research initiatives tailored to Pakistan's specific cybercrime landscape. International journals such as the Journal of Cybersecurity and Digital Forensics, along with policy guidance from the International Telecommunication Union (ITU), consistently stress the importance of integrated approaches. Such collaboration fosters synergy that enhances the consistency of cybercrime investigations, ensures the admissibility of forensic evidence in court, and contributes to the development of technologically informed, practically enforceable legal frameworks. Moreover, cyber literacy efforts must extend beyond universities to schools, workplaces, and public awareness campaigns. A significant portion of Pakistani society remains vulnerable due to limited basic knowledge of cybersecurity. This gap is frequently exploited through social engineering tactics, phishing attacks, and misinformation campaigns. Cultivating a national culture of cybersecurity is essential for building digital resilience and safeguarding the broader digital ecosystem. From a law enforcement perspective, Pakistan must invest in specialised cybercrime units equipped with advanced forensic tools, malware analysis software, blockchain investigation capabilities, and AI-driven threat detection systems. Continuous training programmes are essential to keep pace with evolving cyber threats and digital investigative techniques. Collaboration with international cybercrime task forces can facilitate knowledge exchange and improve operational effectiveness. Equally important is capacity building within the judiciary to ensure the fair interpretation of often complex digital evidence. Establishing dedicated cyber courts with judges trained in cyber law and digital forensics would streamline case management and potentially improve conviction rates. To support these efforts, stronger public-private partnerships are vital for reinforcing Pakistan's cyber defence ecosystem. Private companies and critical infrastructure providers are frequent targets of cyber incidents. Therefore, government-led initiatives should promote information sharing, conduct joint cybersecurity drills, and coordinate responses to cyberattacks. Such collaboration is key to building a resilient and secure digital environment. International cooperation is another critical pillar of effective cyber governance. Cybercriminals often operate from foreign jurisdictions, making cross-border collaboration essential. Pakistan's active engagement in global frameworks — such as the Budapest Convention on Cybercrime — and the formation of bilateral cyber law enforcement agreements will enhance its ability to track, apprehend, and prosecute offenders across borders. Technological safeguards must also be standardised and legally mandated. Core security practices — such as robust encryption, mandatory multi-factor authentication, continuous vulnerability assessments, and a secure software development lifecycle — should be non-negotiable. Data protection must be a legal obligation, especially for organizations in finance, healthcare, and government sectors. These entities must be held accountable for safeguarding user data and reporting breaches swiftly and transparently. Emerging technologies bring both unprecedented threats and powerful opportunities. Cybercriminals are increasingly weaponising artificial intelligence to execute highly targeted attacks, perpetrate social engineering scams, and create convincing deepfakes for misinformation campaigns. At the same time, AI-driven cybersecurity tools can proactively detect anomalies in network traffic, identify zero-day vulnerabilities, and autonomously respond to threats. To stay ahead of such risks, Pakistan's cybersecurity strategy must prioritise investment in AI and machine learning. These technologies can also enhance data security and privacy through innovations such as blockchain and decentralised identity management, reducing dependence on traditional passwords and mitigating the risk of credential leaks. The recent breach affecting 180 million Pakistani users is a stark reminder of the urgency for comprehensive reform. Cybersecurity is not merely a technical issue — it is a societal challenge requiring multidisciplinary solutions, coordinated public policy, legal reform, and active public participation. Bridging the divides between technology, law enforcement, the judiciary, and academia is essential to building a resilient and secure digital future. By constructing such an integrated ecosystem, Pakistan can protect citizen privacy, strengthen national security, foster digital economic growth, and uphold justice in the digital era. This future is within reach — but it demands vision, commitment, and sustained collaboration. The massive data leak is not just a crisis; it is a clarion call. Ignoring it would be perilous. Rising to meet it could position Pakistan as a regional leader in cyber resilience. Ayaz Hussain Abbasi is a researcher and PhD scholar in the field cyber security and cybercrime All facts and information are the sole responsibility of the writer
