It has been less than a week since Bank Islami was hit by one of the largest security breaches of 2018, which caused a loss of approximately 2.6 million Pakistani rupees to the bank. It is important to note that the total transactions were around 6 million rupees. The bank denied the rest of the transactions hours after thousands of customers complained on the helpline about unknown transactions. It is also interesting to note that the bank itself was in denial at first when customers called; the State Bank of Pakistan issued a notification first, and only then did the bank confirm the breach. This background is here to emphasize that the banks aren’t very serious about their customers’ confidential information and don’t react proactively even in the case of a security breach or a possible cyber attack.
This security breach doesn’t end here. It is considered to be just the beginning of the “BIGGEST” security breach or, as it is commonly being called, the “BIGGEST” cyber attack faced by multiple banks. After the Bank Islami incident, it was reported that a list of around 20,000 bank users had been put up for sale on the dark web, and this list is now available to hackers around the world. The list contains sensitive data and account information of users of multiple banks, which is being used for the biggest cyber attack in the history of Pakistan’s banking industry. It is suspected that users’ data has been stolen from almost every bank in Pakistan.
Remedies By The Banks
This incident has definitely shaken all the banks, and the data security of every bank is now being questioned by the central bank. The first and foremost question to answer right now is how the data leaked in the first place, and it’s pretty embarrassing that none of the banks knows the answer. All the banks send reminders to customers via SMS, calls, and emails, warning them not to share their account details and PIN code with anyone, but does that suffice? The answer is now evident. There is a complete lack of IT security at the banks’ end, and serious action should be taken to avert this kind of situation in the future. This is the digital era, where everything is done online. The world is switching to online shopping from local as well as international retailers. But this kind of security breach has led everyone to rethink using their debit and credit cards online and internationally. Right now, all Pakistani banks have blocked every kind of international transaction, and users have to call the helpline to activate international transactions. This can be considered a step to minimize the effect of any future security breach; however, the threat is still there because the users’ list is already available to the hackers for $100 or $130 per person.
Compromised ATMs Or PoS Is The Main Culprit
Another viewpoint is that the leaked information does not belong to the users of one specific bank. Instead, information on multiple users from different Pakistani banks has been leaked, implying that the data was stolen via skimming. Skimming is a process in which a skimmer device is installed at ATMs or PoS terminals and the data is captured whenever a debit or credit card is swiped. This is another angle on the current security breach threat, one that shows that the breach occurred not because of a lack of IT security but because of compromised ATMs or PoS terminals where these devices had been installed.
It is the customers’ responsibility not to share their information on any of the disguised calls they receive. The banks explicitly mention that they do not call from official helplines and are trying to create awareness about PIN code secrecy. News has flooded TV and social media about hackers calling from fake official bank helplines and asking customers for their debit card information and PIN codes. People who are unaware of the current situation share their information, and money is then transferred from their accounts in no time.
It is the need of the hour for Pakistani banks to review and implement strict digital and on-ground security protocols in order to avoid such a cyber attack in the future.