KARACHI: If you are a debit cardholder of BankIslami, Allied Bank Limited, JS Bank, Habib Bank Limited, Bank Alfalah, Standard Chartered, United Bank Limited, Faysal Bank, Silk Bank or Muslim Commercial Bank (MCB) chances are that you have recently received a text message from your bank informing you that international ATM transactions have been temporarily disabled for your debit cards.
It is too early to say with surety whether this has come in wake of a cyber attack, a possible fraud in billions of rupees happening to Bank Islami, or some routine order issued by the State Bank. Or it could be all three.
In a comment to Profit, State Bank of Pakistan Spokesperson Abid Qamar said that “The State Bank of Pakistan (SBP) issued a press release on instructions to banks last week. We have not asked any bank to specifically stop transactions outside the country. This is their own decision. There are many banks which have not done this.”
According to the press release issued by Bank Islami on October 29, the bank “encountered a cyber-attack from unknown hackers on 27th October 2018” and immediately shut down all international transactions originating from International Payment Scheme and signing out from inter-operability switch.
According to the statement, the transactions that took place as the result of this attack amounted to Rs 2.6 million and were also recredited into the accounts from which they took place.
The actual amount of transactions, however, is estimated to be in billions of rupees, but the bank is of the opinion that since the connection of the bank was disconnected with VISA, the Bank Islami is not responsible for the amount of transactions.
The statement said, “since the connection was disconnected between the international payment switch, the amount reported by International Payment Scheme via international transactions (worth 6.1 million dollars), was not processed by Bank’s system.”
Following the event, the State Bank of Pakistan issued directives to all the banks to ensure the security of all payment cards in the country and monitor on real-time basis usage activity of their cards, especially overseas. The messages received today are a possibly a result of that.
However, Profit has learned from a senior banker that there might be a major fraud rather than a cyber attack within Bank Islami.
Information Security researcher Rafay Baloch wrote on social media site, “As per the information obtained through my sources, the credit card data used to carry fraudulent transactions was obtained from Darkweb. The details were stolen by using various techniques such as Skimming, Phishing, Vishing etc.”
Please note that I have not overruled the possibility of internal bank server breach combined with skimming, vishing and phishing.
— Rafay Baloch (@rafaybaloch) October 29, 2018
He further wrote, “Precautionary steps that were taken were by shutting down international payment schemes (Local and International POS, ATM and e-commerce) highlights a key fact that the information systems were not resilient to cyber-attack.”
In continuation of my previous post related to Bank Islami breach, I am attaching screenshot of debit card dumps for the said bank being sold on DarkWeb. The bank name can be verified from bin code lookup. #Bankislami #breach #creditcards #debitcards pic.twitter.com/CPAImUa5iG
— Rafay Baloch (@rafaybaloch) October 29, 2018
So far no other bank has reported any cyber attack or fraudulent activity within their accounts.
