Digital crime is on the rise in Pakistan, as in many other parts of the world. With a majority of the people in the country being Illiterate or uneducated — and thus not tech-familiar — digital crimes become even easier. Pretty frequent, therefore, are the reports in the media of innocent people losing their hard-earned money to such crimes, including biometric data breach, debit/credit card information theft, email and internet fraud, cyberextortion, etc.
Among the foremost threats is biometric data breach. This threat continues to grow with the growing infusion of technology in the various sectors of the economy — banking and telecom industry in particular.
Biometric data or information is part of one’s identity. Unlike a password, it cannot be changed. When cybercriminals access biometric data — like fingerprints, retina image, facial features or voice patterns — they extract information that can be linked to one’s identity forever. Biometric data breach can let any cybercriminal use a victim’s fingerprints for renewing his CNIC, altering voter information, and making any type of registration where only fingerprints are required.
While individual biometric attributes are unique features and almost impossible to replicate or forge, cybercriminals penetrate into the systems and pull out one’s fingerprints to empty his bank account via ATM or get a SIM card issued via his thumbprint to carry out any terrorist activity.
Debit or credit card information theft is also common among digital thieves who are devising novel ways of carrying out fraudulent transactions through ATM. Skimming is one well-established technique being used globally for this illegal activity. This technique involves stealing debit or credit card information along with personal identification number i.e. PIN via different electronic devices. These devices are placed on ATM card readers and on ATM keyboards to get the needful. Sound devices are also used for collecting PIN. Skimming can easily be performed on the cards having magnetic strips. Data on magnetic strips can be skimmed and used in locations where smart chip is not required.
Cracking passwords to hack into email accounts and extract vital information like online banking details is among the earliest fraudulent tactics used by digital thieves. Use of strong passwords involving alphabets, numbers, characters and symbols — and making them case sensitive — is now being suggested to avert email fraud, but fraudsters continue to employ techniques to get ahead in the race.
According to media reports, the Federal Investigation Agency has arrested many Pakistanis as well as foreign nationals involved in depriving people of their bank deposits. Besides this, the Pakistan Telecommunication Authority keeps warning people against biometric scammers and online fraudsters.
Listed below are some solutions to avert the various types of online digital theft:
Databases having Personally Identifiable Information (PII) must not be on cloud, especially outside the country, as already forbidden by the State Bank of Pakistan; OTP must be activated for every ATM transaction on registered cellphone numbers along with PIN and biometrics, something that will add another layer to onion security structures; obtaining fingerprints on papers or forms should be stopped; a hash of the fingerprint should be saved in databases (that can’t be reverse-engineered) instead of actual fingerprints (digitally or on paper) that can be copied for malicious purposes; and cellular companies must use at least two scans from iris, retina, fingerprints or facial recognition for issuance of SIM card.
The authorities concerned must be a step ahead of digital thieves so as to secure their systems and save people from cyber frauds.
Published in The Express Tribune, February 23rd, 2021.