The massive security breach at Pakistani banks was imminent. Compared with the rest of the world, our banking infrastructure, replete with red tape and perpetually confused bank staff, is quite substandard. The compromise for having no choice but to use the banking system as adults is to subject one’s hard earned income to security breaches. Possibly the largest data security breach in the history of the country was reported on October 27, when a major bank admitted that it had experienced a cyberattack.
Even though the State Bank of Pakistan was proactive and directed all banks to review their data security measures immediately after, the magnitude of the breach was not fully understood. We now know that customers of most major Pakistani banks were rendered susceptible. According to one report, information for almost 20,000 credit and debit cards issued by Pakistani banks has been published or is up for sale on the Dark Web, a space on the Internet that allows for anonymous exchange and can only be accessed through special software.
Debit cards, as opposed to credit cards, urge the matter considering there is a direct transaction made as opposed to going through a crediting agency as with the latter. A total of 22 Pakistani banks currently have vulnerable customers whose data has been compromised. The need of the hour is for law enforcement, which is the Federal Investigation Agency taking over at this point, to act swiftly in tracing the hackers while working with banks to ensure that all transactions are ceased for the time being due to the enormity of the cyberattack. Concurrently, transparency and honesty in reporting to the public and especially bank customers are crucial.
After much ado, the reluctance on the public’s part to utilise electronic payment systems and heavily depend on the cash-on-delivery method seems plausible; perhaps they foresaw a grand scale breach like this. Realistically, however, the majority should have expected it. Our banking system is behind the times even though it is trying to catch up. Facilities are scarce and many basic procedures are tedious, such as opening new accounts or requesting an address change with government regulations taking priority over common sense and causing delays in processing all the while ignoring security vulnerabilities.
A major focus of cybercrime law enforcers and agencies has been to curtail explicit content that does not agree with Pakistani religio-cultural values on the World Wide Web. Government regulations, rather than so heavily focusing on the former and money in and out, also need to enforce security regulations and work on insuring people’s wealth.
At this time, the regulations appear to be skewed and heavily favor banks with little protection for customers. Although long-term plans should incorporate updating banking systems, banks should immediately notify customers whose accounts were hacked. Banks require more appropriate regulations in the way of transparency and reporting when a data security breach occurs, both, to a regulating body and their customers.