Bank customers face surge in cyberattacks

Meezan Bank customers are facing a surge in unauthorised transactions, with reports circulating on social media about debit and credit cards being charged on various websites without consent.

In response, Meezan Bank has issued a customer advisory, advising them to avoid untrusted websites, refrain from using public Wi-Fi for banking transactions, and remain vigilant against phishing attempts. "There are news circulating on various social media platforms that peoples' debit and credit cards are being charged on several websites without their consent," Meezan Bank's advisory note said. "At 5:50am on Wednesday, my friend discovered unauthorised transactions totalling Rs1.4 million on Meezan Bank debit card, charged on Facebook in Malaysian currency. He has never used his card for online transactions," said Nouman Younas, Co-founder of AwamiWeb. He filed a fraud complaint with the bank.

There are two main reasons behind the recent surge in cyberattacks on bank customers – either a data breach or a customer being tricked into giving away his or her personal information, according to Dr Affan A Syed, a cybersecurity expert and startup founder.

Pakistan, in particular, has become increasingly vulnerable to such attacks, as highlighted by a recent incident involving Allied Bank customers.

Scammers often exploit the trust that users place in websites, especially the international ones. It is not always necessary for customers to provide credit card details; even seemingly innocuous information like phone numbers, ID card numbers, or email addresses can be used to breach personal data. This information is often found on the dark web and can be exploited to bypass security systems.

Scammers employ various tactics to trap people, such as honey traps or enticing them with links related to their interests, said Affan. Once users click on these links, scammers can gain access to their data. Additionally, they often trick individuals into revealing their one-time passwords (OTPs), further compromising their security.

Affan explained that a specific bank may be targeted if a dataset related to that bank is sold on the dark web or if someone has gained access to a particular set of data. Another possible cause could be an internal breach within the bank itself. He added, "There is no clear answer until an expert thoroughly examines their system."

"Meezan Bank would like to inform its customers and the general public that the rumours regarding data breach at Meezan Bank are entirely false," said the advisory. "Meezan Bank is PCI certified and all its cards are EMV and 3DSecure compliant. We assure our customers that their data is completely safe with us and there has been no security breach whatsoever."

The bank advised customers to take the following precautions while using their cards online: avoid using your cards on untrusted websites where card information may be at risk; do not use public Wi-Fi networks for any banking transactions; be cautious about phishing emails, messages, or phone calls asking for card details or OTPs, even if they appear to be from a trusted website; immediately inform your bank if your card is lost or stolen.

Meezan Bank said that all disputed transactions reported to the bank recently were unsecured e-commerce transactions. These transactions are covered under the chargeback mechanism of international payment schemes and are being fully reimbursed to the affected customers.

"We are taking all necessary measures to make sure that such customers are compensated as soon as possible."