Beware - hackers are going after ATMs in Pakistan

FIA begins probe as HBL customers lose millions in cyberattack; bank says all those affected will be reimbursed

Salman Siddiqui December 03, 2017
Hacking through skimming devices is a global phenomenon and not limited to HBL alone, an official argued, adding the scale of the problem was small keeping in view the overall HBL customer base of 10 million. Photo: Express

KARACHI: Bank customers became the subject of stress and inconvenience as a number of ATM users reported fraudulent activity, complaining of unauthorised withdrawals from their accounts and blockage of plastic cards after reports surfaced of a wide-scale hacking incident.

The Federal Investigation Agency’s (FIA) cybercrime wing has kicked off investigations into these bank account hacking incidents following complaints by Habib Bank Limited (HBL), which acknowledged that around 600 customers across the country have lost close to Rs10 million in the cyberattack.

“An ATM installed at Khayaban-e-Ittehad (Karachi) has been cited as the target of the attack,” an FIA official said while talking to The Express Tribune.

Apart from this, several such cases have been reported from Dolmen Mall, Karachi. Reports also surfaced of a similar cyberattack in Islamabad. Banks including HBL responded by blocking users’ ATM cards as a precaution against further loss.

Changes at HBL as Nauman Dar, president and CEO, set to retire

Cyber criminals challenged the technology-driven banking system in Pakistan at a time when the country is looking to increase financial inclusion and bringing more people into the formal sector.

Reports of several fraudulent transactions surfaced over the week, which cited that consumer data was stolen through placement of skimming devices on ATM facilities.

HBL Chief Marketing Officer Naveed Asghar acknowledged that around 579 customers of the bank had been impacted by the cyberattack at around 10 ATM facilities. The affected customers, who would be reimbursed, lost less than Rs10 million, said Asghar.

“We are investigating it (hacking) and will reimburse those who have lost their money,” he emphasised.

“All machines (ATMs) have been rechecked to make sure that the bug is removed … we are giving assurances to our customers that there is nothing to panic and worry about.”

Hacking through skimming devices is a global phenomenon and not limited to HBL alone, he argued, adding the scale of the problem was small keeping in view the overall HBL customer base of 10 million.

“We are reassuring our customers that within no time, on a war footing, their debit cards will be replaced…we have blocked the affected cards,” he said.

Separately, State Bank of Pakistan spokesman Abid Qamar told The Express Tribune that it was aware of the issue since it had been highlighted in the media. The central bank is in touch with HBL and has sought relevant information from the bank, he disclosed. “We may precisely comment on it after receiving the information which may arrive at the end of the ongoing holidays,” the spokesman said.

Earlier, several consumers of a couple of banks complained that their ATM cards were hacked while withdrawing cash in different parts of Karachi and Islamabad.

They came to know about the cyberattack when they got phone calls from their banks. “I lost cash at the hands of criminals. By the time, my bank sprang into action and blocked the card, it was too late,” a customer who lost Rs20,000 said.

FIA Sindh’s cybercrime unit short of staff

Another customer said the criminals had succeeded in stealing his data, but his bank blocked his card on time and thwarted the attacker’s bid to withdraw money from his account. In yet another case, a bank blocked its customer’s ATM card as a precautionary measure as it suspected that the criminals had hacked his card. Talking about lost money, a seasoned banker was of the view that banks who had been targeted were liable to return the looted money to their customers.

However, he clarified that banks would not take the hit as all kind of deposits were insured with insurance companies, which would pay the claims to be filed by the banks.

“The business of insurance firms is to mitigate the risk of losing something and pay claims after verifying incidents,” the banker elaborated.

Some time ago, the FIA cybercrime circle had held several Chinese nationals and Pakistani citizens who were found involved in similar cases of theft in Karachi and Lahore.

Pakistan has faced a surge in cybercrime over the past couple of years and to cope with the challenge the government has recently framed cybercrime laws. As such cases become more common, the challenge for the government has increased, said an analyst, adding that Pakistan needs to improve its digital security as it moves towards greater technology adoption.

Published in The Express Tribune, December 3rd, 2017.

Like Business on Facebook, follow @TribuneBiz on Twitter to stay informed and join in the conversation.


Ali S | 3 years ago | Reply Banks must immediately release a list of ATM locations from where data was stolen so we can avoid them.
junglee | 3 years ago | Reply Always tug the card receptacle (often green in colour) beforehand. If the cap comes out, its been compromised.
Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ


Most Read