In the wake of threat of cyber-attacks, six Pakistani banks have suspended international transactions through debit cards. Yes, as a security precaution debit cards have been temporarily disabled only for international ATM cash withdrawal.
Our banking is facing a new more dangerous world in the digital era. The warning signs are there for Pakistani banks to update their cyber security.
And that’s why the SBP has come up with some instructions. The precautions are being taken on overseas transitions after the latest attack has hit BankIslami, one of the smaller banks in the country.
Analysts say that Pakistan’s banking system has become vulnerable in ways it was not a decade ago.
As banks have moved much of their services online, the corresponding investment in cyber security has remained low.
Major cash deposits remain vulnerable to all forms of cyber-attacks.
While the SBP has insisted that transactions within Pakistan remain safe, customers will not be satisfied until there are more details available on what the breach was and how it has been fixed.
In the case of BankIslami, around $6 million was stolen through international transactions from certain bank accounts. The bank claims to have returned the stolen money to the affected accounts.
While bank accounts are supposed to be protected by insurance, Pakistani banks are known to be lax about returning any amounts stolen from individual account via cyber scams. It is important for the SBP to undertake a formal investigation into the security breach.
The central bank has claimed it has asked the affected bank to take the requisite precautionary measures, but it would be good if the SBP could issue some detailed instructions of its own.
The cyber security systems run by banks in Pakistan are heavily dependent on human monitoring. Many banks require verification of each international transactions via their credit cards.
This is supposed to make transactions safer, but it does not qualify as a secure cyber management system.
Habib Bank had suffered a major data breach a few years ago, which forced it to block certain accounts and re-issue debit and credit cards to customers.
There was a further breach last year when a number of ATMs were hacked. Reports are abound of banks constantly being under cyber-attack.
Similarly, even car-hailing service Careem suffered a data breach. While it is true that digital security is not easy, with major corporations that invest billions in cyber security breached, there is a need for Pakistani banks to be up to date on the latest ways of tackling the cyber security threat. EDITORIALS
There is no shortage of crooks who are always there to commit frauds to enrich themselves at the cost of others.
The unpleasant incident which happened on the morning of October 27, 2018 when BankIslami came under cyber-attack; it detected certain abnormal transactions valuing Rs 2.6 million on one of its international payment card schemes. Initially, reports had suggested that the bank had lost about dollar 6 million but the officials in the bank said that the amount stolen was in Pak rupees. “We have checked almost all transactions after shutdown of international payments and are sure that Rs 2.6 million was the final figure that we lost,” confirmed the bank.
This is a classic example of a professional swindler or a team of unscrupulous elements who do not hesitate to exploit the opportunities provided by the new technologies meant to facilitate the financial institutions and for the convenience of customers.
This also goes to show that risks to the system may increase with the introduction of new products because those who are out to cheat the system are usually one-step ahead of the regulators.
Thankfully, the fraud at the BankIslami was detected in time, central bank was also alert to the situation and no major damage was done to any party. The BankIslami responded immediately by shutting down all international transactions originating from International Payment Scheme and signing out from inter-operability switch to avoid more financial losses. This may have inconvenienced genuine customers but was necessary under the circumstances.
Moreover, the amount siphoned off was small. The BankIslami was, however, not aware from which country or place the hackers had launched the attack to steal the money but was in consultation with the IT experts to identify weaknesses in the system.
The SBP called a meeting of the IT heads of all banks to discuss the issue and related risks to the card system the same day and urged upon all the banks for more measures to mitigate the risks emanating from card payment system and real time monitoring of card operations and transactions.
Banks were also advised to continuously upgrade their IT systems particularly those related to payment system to meet any challenges in future.
It may be mentioned that hackers were able to launch the attack despite the necessary guidelines by the SBP.
Over the past few years, digital payment infrastructure in Pakistan has gradually evolved, encouraged by a rapid rise in branchless banking accounts called mobile wallets and a continuous increase in subscriptions of 3G/4G networks.
So efforts are needed to thwart the threat of cyber-attacks effectively.