LAHORE: Pakistan’s banking system has once again become a target of cyber-attack, meanwhile sources claim that BankIslami is the only bank that has been affected in the recent attack that took place on Saturday.
Earlier on Saturday, BankIslami ATM cardholders and online users reported irregular activity and multiple unauthorised international transactions. The Bank, however, refuses to acknowledge the figure issued by the international payment provider, VISA and other industry sources which are currently estimated at $6 million to $6.5 million.
In a notification to the Pakistan Stock Exchange (PSX), BankIslami stated that it detected certain abnormal transactions valuing Rs2.6 million on one of its international payment card schemes on the morning of October 27, 2018.
Sources within the bank state that the monies withdrawn from customer accounts is currently estimated at Rs2.6 million and has been deposited in the respective accounts. BankIslami’s Unit Head Corporate Affairs Muhammad Shoaib while talking to a section of the media said, “Transactions of approximately $6 million as claimed by international payment scheme are not acknowledged by the bank as the bank was actually logged off from the international payment scheme at that time.”
The bank, however, has advised its customers to take extra caution during financial transactions.
Sources on terms of anonymity told Profit, “The transactions mainly originated from Brazil and the US, meanwhile, the bulk of the transactions can be traced back to Point of Sale (POS) at Target Stores.” He added, “There is a clear breach of information at BankIslami’s part and it is being speculated that a digital copy of BankIslami customer’s credit card information was leaked to hackers.”
While explaining how banks and customers can become a victim of such cyber-attacks he added, “People often use their cards at POS while at times hackers use dummy machines to scan card details which they later print onto empty plastic cards which are easily available in the market. Secondly, sometimes there are internal information leaks and most of the times members of staff are involved in such attacks.”
Meanwhile, it has been reported that Allied Bank Limited (ABL) and JS Bank have restricted ATM and overseas transactions until they can investigate the extent of the attack. Sources within ABL told Profit, “The bank has carried out a full-fledged investigation into the recent attacks and we can safely say that none of the bank’s customer’s data was leaked and all our accounts are completely protected.”
The State Bank of Pakistan (SBP) has also temporarily restricted usage of its cards for “overseas transactions (only),” the central bank said in a statement late on Sunday night.
“As a result of a security breach of payment cards of one of the banks in Pakistan on Saturday and their unauthorised use on different delivery channels i.e at ATMs and POS (point of sale) in different countries, the bank has temporarily restricted usage of its cards for overseas transactions,” stated the central bank.
SBP has instructed the bank to take all necessary measures to trace the vulnerability and fix it immediately. “The affected bank has also been instructed to issue advisory on precautionary measures to be taken by customers,” the press release added.
“Further, SBP has also issued directives to all banks to foster arrangements to ensure the security of all payment cards in the country and monitor on real-time basis usage activity of their cards, especially overseas transactions. SBP will continue to assess these developments in coordination with banks and take further measures if required,” the official statement read.
The central bank also issued the following directives have been issued to all banks in Pakistan to ensure that; “Security measures on all IT systems including those related to card operations are continuously updated to meet any challenges in future. Resources are deployed to ensure the 24/7 real-time monitoring of card operations related systems and transactions. Immediately coordinate with all the payment schemes, switch operators and media service providers the banks are integrated with to identify any malicious activity of suspicious transactions.”
It is pertinent to mention that the latest attack is the third major cybersecurity breach in the country and second within the banking sector in less than 10 months.