Stolen data of Pakistan bank clients available in illegal market

IT expert suggests self-security measures to prevent loss of consumer information

Salman Siddiqui November 18, 2018
ATM users should hide keypad with one hand while entering PIN code, as sometimes thieves install hidden micro camera near and around the keypad. PHOTO: REUTERS

KARACHI: Whether cyberattacks on Pakistani banks are occurring repeatedly or not, the ‘stolen’ payment cards data of banking clients is time and again being put on sale at underground card shops, since the theft worth Rs2.6 million was reported on October 27.

“This is just the beginning,” SI Global Solutions CEO Noman Said, who played a leading role in the Islamabad Safe City project, warned in a conversation with The Express Tribune.

“It would not be surprising if Pakistan’s (banking system) reports mega cyber thefts in the future,” he said, adding, “Generally, they do not upgrade the technology by given timelines...We are still using 20-year-old technology in many cases.”

The world, including India, has upgraded their payment system through debit and credit cards. They ask for PIN code to process payments at restaurants, shopping malls and at other Points of Sale (POS). To the contrary, Pakistanis are still relying on the decade-old technology, which processes financial transactions without asking for the PIN code, which “could be a huge source for (potential) cyber security breach in the future”, he added.

Latest reports coming from the underground shops suggest that over 150,000 compromised payment cards, mostly belonging to leading banks in Pakistan, were put on sale this week.

The Federal Investigation Agency (FIA)’s cybersecurity wing has claimed that it has caught the culprits involved in stealing data from ATM machines.

Banks to conduct biometric verification in 3 phases

The State Bank of Pakistan (SBP) and majority of the banks operating in Pakistan have, however, categorically denied any fresh cyberattacks since BankIslami Pakistan reported online breach of system in which it lost Rs2.6 million on October 27.

Most of the banking clients’ data, available on sale, was stolen through attaching skimming devices with ATM machines in different parts of the country, ICT experts said.

Self-security measures

ICT expert Pervez Iftikhar said people can avoid such robberies through self-security measures, including making sure that ATM machines they are using are not attached with skimming devices.

• Skimming devices look exactly like the original ATM card readers and keypads and are attached at the two main points of the machines. ATM users should hide keypad with one hand while entering the PIN code, as sometimes thieves install a hidden micro camera near and around the keypad.

• Debit and credit cardholders should also avoid handing over their cards to others for the purpose of making payment transactions.

• They should also avoid sharing sensitive ATM card information such as the PIN code and answers to secret questions at the time of opening a bank account or acquiring debit and credit cards.

“Cardholders should not respond to the phone calls seeking sensitive information. They should not share such information even if the callers claim they are calling from the SBP, NADRA, law enforcement agencies, etc as they do not seek such data,” he said.

• The online bank users, including apps installed on mobile phones, should keep changing their passwords frequently and passwords of different accounts and applications should not be the same.

• They should prefer thumb impression-enabled ATM machines, if available, as this latest feature does not allow anyone to copy sensitive data from plastic cards..

They said the nation can overcome cyber securities issues once they are made aware of that. “We have a tendency of investing more on technology and less on awareness of its perfect use,” Said commented.

“Most of us invest huge on technology, but in the wrong directions. We have a tendency of cut/copy and paste. We need a research culture to study our end-users need and then acquire technology accordingly,” he remarked.

The country needs to invest more on human resources and research and convince investors to invest in technology development here instead of just importing technology.

Pakistan's banking system witnesses another cyberattack

This would end the gaps between importing technology for banks - let’s say - its deployment, networking, obsoleting and upgrade, he said.  He urged upon the federal government to become self-reliance in the field of technology research and development as it spends billions of rupees annually on imports.

Published in The Express Tribune, November 18th, 2018.

Like Business on Facebook, follow @TribuneBiz on Twitter to stay informed and join in the conversation.

Facebook Conversations


Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ

Load Next Story