A Security Breach Resulting In PKR 2.6 Million Loss to Bank Islami

Bank Islami Security breach due to hacking
Courtesy: Brandsynario

The news that shook Bank Islami customers this weekend was that anonymous international transactions were carried and customers were getting SMS alerts about the money being deducted from their accounts without their consent and knowledge. Well, we have been hearing about this news and are really concerned about what actually happened and how this security breach occurred in the first place. We have tried to gather all the news for our readers and this article will be covering all the aspects of Bank Islami security breach, hacking procedure, and precautionary measures.

Bank Islami Security breach due to hacking
Courtesy: Daily Money Management Service

Actual Incident

On 27th October, Bank Islami customers started getting notifications about the money being deducted from their accounts via ATMs and PoS (Point of Sales). This was definitely a point of major concern to the customers who had no idea regarding the transactions and they complained via calling the helpline. The bank at first didn’t know anything regarding the security breach and didn’t entertain the customers’ queries. Some hours later, State bank of Pakistan took notice of the entire situation and published a notification to all the banks and financial institutions instructing them to regularly monitor IT security and to be vigilant in case of any sort of cyber-attack.  Following notification was published by the central bank:

Bank Islami Security breach due to hacking

Bank Islami took hold of the entire situation and went to social media regarding the security breach. It has been estimated that around 6 million rupees have been deducted from the bank out of which PKR 2.6 million has been stolen from various accounts and rest of the transactions have been declined by the bank. Moreover, the bank has deposited the stolen money back in respective accounts. It is shocking to know that it is the 3rd largest cyber-attack in Pakistan in 2018. Earlier this year, Habib Bank and Careem were hit by the cyber-attack.

Security Breach and Hacking

Well, this is the news that has been flashing online and on social media but we are sure that we all want to know how this happens and what can be done to avert this kind of grave situation in future. Well, our debit card and credit card contain following personal information:

  • Name
  • Card Number
  • Expiry date
  • CVV number

All of the above information is required to do any kind of online transaction. Other information is your CNIC and pin code. Since all of this information is quite personal and is known to only two parties i.e., the customer and the bank so the question arises how is this information leaked and how any third party can make a transaction on behalf of the actual customers without their knowledge. Well, there are hackers working online who can steal this information via different techniques and can sell online on Dark web. This is how users’ information is leaked at the very first step. This information is sold online to third party hackers. Once the information is sold, this information is then ported to duplicate debit and credit cards. This is another procedure of hacking where the users’ data is duplicated on exactly similar debit/credit cards. Once, this process is done, the cards can be used anywhere to withdraw money from ATMs and at POS.

Precautionary Measures

All the banks and financial institutions firstly have to monitor their IT security that how their customer’s data is accessed at the first place. For this particular incident, Bank Islami has currently suspended all the international transactions. All the users who intend to activate international transactions, have to call the helpline to activate after Bank Islamic security breach. All the companies around the world hire ethical hackers just to ensure the security of their data. This is some serious security breach and banks should take all the precautionary measures and steps to protect customers’ data. On the other hand, as repeatedly instructed to the users, they must also not share their credentials with anyone via SMS or online. On one hand, the digitalization of data has made our lives simpler, however, the dark side is the constant threat to data security.