Pakistan's banking system witnesses another cyberattack

Published: October 29, 2018
Representational image. PHOTO: REUTERS

Representational image. PHOTO: REUTERS

KARACHI: Pakistan’s banking system lost Rs2.6 million in cyberattacks as online security measures failed to prevent breach of security in which overseas hackers stole customers’ data.

BankIslami Pakistan, which was a victim of the cyberattack, however, claimed it managed to avert a bigger financial loss which, international payment managers suggest, was to the tune of $6 million, following its exit from the international payment system.

The bank paid the lost amount to its customers immediately and also restored the biometric-enabled ATMs network in the country, but it had yet to reinstate the international payment system.

To remain on the safe side, a couple of other banks also restricted their international payments for the time being, including JS Bank which sent alert messages to its customers.

The message reads, “JS Bank has temporarily blocked all debit cards for online and international usage as a security precaution. Customers who wish to use their cards abroad may call us to unblock their cards…”

The latest attack is the third major cyber security breach in the country and the second within the banking sector in less than 10 months.

Gang involved in robbing people at ATMs arrested in Karachi

Earlier, Habib Bank Limited and Careem, the ride-hailing app, have faced such security risks, following which an expert advised the account and ATM card holders to change their passwords as soon as possible to prevent more financial frauds.

BankIslami was the first bank to begin Shariah-compliant operations in Pakistan in 2006 and is listed at the Pakistan Stock Exchange (PSX).

Its share price improved 0.44%, or Rs0.06, and closed at Rs13.85 with trading in 4,000 shares at the PSX on Monday.

In its immediate response to the security breach that happened on Saturday, the State Bank of Pakistan (SBP) temporarily suspended the use of BankIslami ATM and POS (Point of Sale) cards for “overseas transactions (only)”, the central bank said in a statement late on Sunday night.

“As a result of the security breach of payment cards of one of the banks in Pakistan yesterday (Saturday) and their unauthorised use on different delivery channels ie at ATMs and POS in different countries, the bank has temporarily restricted the use of its cards for overseas transactions,” stated the central bank.

In a notification to the PSX, BankIslami stated that it detected certain abnormal transactions valuing Rs2.6 million in one of its international payment card schemes on the morning of October 27, 2018.

“All the money withdrawn from the accounts ie Rs2.6 million has been credited in the respective accounts of valued customers,” said BankIslami Unit Head Corporate Affairs Muhammad Shoaib.

“Transactions of approximately $6 million as claimed by the international payment schemes are not acknowledged by the bank as the bank was actually logged off the international payment schemes at that time.”

The notice stated that all cash withdrawal transactions using the bank’s biometric service were restored on the same day ie Saturday.

Beware – hackers are going after ATMs in Pakistan

Shoaib, however, added that the international payment schemes would be restored after mitigating all the risks.

The SBP has instructed the bank to take all necessary measures to trace the vulnerability and fix it immediately. “The affected bank has also been instructed to issue advisory on precautionary measures to be taken by customers,” the statement added.

Furthermore, the central bank has also issued directives to all banks to foster arrangements to ensure security of all payment cards in the country and monitor on real-time basis the use of their cards, especially overseas transactions. “The SBP will continue to assess these developments in coordination with banks and take further measures, if required.”

The following directives have been issued to all banks in Pakistan to ensure that; security measures on all IT systems including those related to card operations are continuously updated to meet any challenges in future, resources are deployed to ensure the 24/7 real-time monitoring of card operations’ related systems and transactions, and immediately coordinate with all the payment schemes, switch operators and media service providers the banks are integrated with to identify any malicious activity of suspicious transactions.

“In case of any unusual incidents, banks are advised to immediately report to the SBP,” the statement read.

Facebook Conversations

Reader Comments (5)

  • Ahsan Saeed
    Oct 29, 2018 - 1:10PM

    It’s n’t a security breach or cyber attack. If anyone review it thoroughly only the fake accounts got affected. NAB has to intervene and investigate it.Recommend

  • Engr.Amir Sultan Rana
    Oct 29, 2018 - 2:51PM

    Cyber security is a prevailing issue in Pakistan. I think, Pakistan should take experts in this department to handle these types of situations. The IT network and electronics will increase more and more in the times to come. Its high time to have an eye on this sector too with deep interest.

    Have a separate department which only caters for all issues related to IT. Make it comprehensive and make it updated with time with new developments, this is indeed very important.

    Best of luck Pakistan.Recommend

  • Shauzab
    Oct 29, 2018 - 4:00PM

    which bank was it on which the attack occurred? Recommend

  • Zarrwer
    Oct 29, 2018 - 4:37PM

    Not possible without the involvement

    of banks people in management.Recommend

  • waqas
    Oct 30, 2018 - 5:57AM

    Compared to other countries the Pakistani online banking system is very vulnerable to cyber attaches. In South Korea, the online transactions are secured by multi-tier security features including online security certificate, security card, OTP and registered mobile phone device. Its high time for Pakistani banking sector to implement comparable security measures because its not only Pakistanis but international hackers also search for easy targets to hack and breach Recommend

More in Business