KARACHI: The recent cyberattack on the Pakistani banking system remains an ongoing phenomenon. The online security breach is now feared to have hit about nine banks compared to initial reports of only one bank being impacted last week.
Although no new online fraud has been reported since BankIslami Pakistan lost Rs2.6 million in a cyberattack in the last week of October, a number of banks have confirmed to The Express Tribune they have suspended their services for international payment transactions through their debit and credit cards days after the overseas hackers stole banking clients’ data.
Earlier, the bank had reported losing Rs2.6 million in the cyberattack, but the international payments system detected total losses to the tune of $6 million (approximately Rs795 million) to the Pakistani financial sector. It, however, has remained unresolved as to who suffered the loss if it was not BankIslami Pakistan.
BankIslami Pakistan claimed that it had averted a bigger financial loss to the tune of $6 million as it exited from the international payment system.
As per latest information, the loss of $6 million has become disputed between the bank and its international payment card providing company. And now the dispute between the two has landed in a court of law in the country. The nine banks, which are scared of the cyberattack in the latest episode, include two of the top-five names, tier-two and tier-three banks.
Their clients, however, would face no trouble in making financial transactions through ATM or online banking within Pakistan.
“Yes, we have suspended our services for international financial transactions and online shopping in overseas markets about 3-4 days ago…for an indefinite period,” an official of Soneri Bank said.
“The services were suspended in order to avoid online fraud with our clients following…(a) bank lost a valuable amount in a cyber-security breach last week,” he said.
Another bank said in an email to one of its clients, “Bank AL Habib has temporarily disabled your VISA Debit Card for international POS (Point of Sales)/ATM usage for security reasons….any inconvenience is deeply regretted.”
A JS Bank official replied that their services for international transactions had remained temporarily suspended since the day the country encountered the cyberattack. “We have not changed the status of our services for international payments.” “We would provide international services to only those clients who would ask us for the services through phone banking,” he said.
State Bank of Pakistan (SBP) spokesman Abid Qamar said, “There is always a risk of cyberattack. No one can deny that. This is an international phenomenon and not Pakistan-specific.”
“The (nine) banks have switched off international payment schemes to upgrade their IT and related security systems to avoid cyber fraud.”
The central bank had asked them to improve their security system following the cyberattack on the Pakistani banking system last week. The suspension of international services by the banks coincided with the appearing of an anonymous letter from unknown sources claiming that plastic cards of Pakistan’s banking origin were available in the international market.
“The availability of the cards is surprising as Pakistan does not put its banking cards on sale in the market,” the letter said.
It said over 8,700 cards of Pakistan banks were found in the business.
The SBP spokesman replied that the letter talks about illegal and grey market transactions and it was almost impossible to check the authenticity of the letter and the transactions it talked about.
Published in The Express Tribune, November 4th, 2018.