By Banking system of Pakistan has become a victim of cyber-crime once again. The sources declare that BankIslami is the merely bank that has been impacted in the recent threat that occurred previous weekend on Saturday.
Online users and ATM cardholders of BankIslami stated some irregular action and noted massive unauthorized transactions done internationally earlier on Saturday. However, The bank denies entirely about the figure mentioned by the VISA, international payment provider, and other industry sources which are actually approximated about $6 million to $6.5 million.
BankIslami reported in a notification mentioning to the Pakistan Stock Exchange that it discovered definite irregular transactions were noted on in the morning of October 27, 2018. The transactions worth about Rs. 2.6 million on one of its global payment card schemes. The sources within the bank report that the monies withdrawn from user accounts is presently roughly calculated worth Rs. 2.6 million and has been transferred in the separate accounts.
BankIslami’s Unit Head Corporate Affairs Muhammad Shoaib while talking to a section of the media said, “Transactions of approximately $6 million as claimed by international payment scheme are not acknowledged by the bank as the bank was actually logged off from the international payment scheme at that time.”
However, BankIslami has recommended its esteemed customers to take extra cautiousness while performing their financial transactions.
Sources on terms of anonymity told Profit, “The transactions mainly originated from Brazil and the US, meanwhile, the bulk of the transactions can be traced back to Point of Sale (POS) at Target Stores.” He added, “There is a clear breach of information at BankIslami’s part and it is being speculated that a digital copy of BankIslami customer’s credit card information was leaked to hackers.” While explaining how banks and customers can become a victim of such cyber-attacks he added, “People often use their cards at POS while at times hackers use dummy machines to scan card details which they later print onto empty plastic cards which are easily available in the market. Secondly, sometimes there are internal information leaks and most of the times members of staff are involved in such attacks.”
In the meantime, it has been observed that JS Bank and Allied Bank Limited have set limits on ATM and international transactions until they can analyze the degree of the threat.
Sources within Allied Bank Limited told Profit, “The bank has carried out a full-fledged investigation into the recent attacks and we can safely say that none of the bank’s customer’s data was leaked and all our accounts are completely protected.”
The State Bank of Pakistan has merely limited the usage of its ATM cards for the time being for overseas transactions only. This statement was reported late on Sunday night by the central bank in its statement.
“As a result of a security breach of payment cards of one of the banks in Pakistan on Saturday and their unauthorised use on different delivery channels i.e at ATMs and POS (point of sale) in different countries, the bank has temporarily restricted usage of its cards for overseas transactions,” stated the central bank.
The State Bank of Pakistan has notified all the banks to take essential precautions to trace the flaw and patch it instantly.
“The affected bank has also been instructed to issue advisory on precautionary measures to be taken by customers,” the press release added. “Further, SBP has also issued directives to all banks to foster arrangements to ensure the security of all payment cards in the country and monitor on real-time basis usage activity of their cards, especially overseas transactions. SBP will continue to assess these developments in coordination with banks and take further measures if required,” the official statement read.
The State Bank of Pakistan has also provided the subsequent instructions that have been released to all Pakistani banks to make sure that;
“Security measures on all IT systems including those related to card operations are continuously updated to meet any challenges in future. Resources are deployed to ensure the 24/7 real-time monitoring of card operations related systems and transactions. Immediately coordinate with all the payment schemes, switch operators and media service providers the banks are integrated with to identify any malicious activity of suspicious transactions.”
It is appropriate to reference that the current threat is the third considerable Cybersecurity violation in Pakistan and the second attempt within the banking sector in just less than ten months so far.
