Why ‘Almost All’ Pakistani Banks Were Hacked

Posted on Posted inBE2C2, Pakistan

Most Pakistani banks maintain only minimum security for its website transactions–the compromise was detected only after it was breached and transactions made successful

Returns of Pakistani banks have been around eight percentage higher than regional peers over the last five years

KARACHI (Nov 7, 2018): The head of Federal Investigation Agency’s (FIA) Mohammad Shoaib cyber crime wing has said data from “almost all” Pakistani banks was compromised in a recent security breach.

Speaking to local media, the director revealed that hackers based outside Pakistan had also stolen large amounts of money from people’s accounts.

There is a meeting of the banks’ heads and security managements scheduled with the FIA, to improve security measures in banks.

According to an IT security professional, most Pakistani banks maintain a minimum security threshold for overseas transactions–the compromise was detected only after it was breached and  transactions made successful.

“The preventive and mitigation system is costly and slows down the operations quality, so banks tradeoff on security and fraud risks. Also, Pakistan does not have cyber security specialists on a high level,” the professional added.

Over 100 cases are being investigated by the agency in connection with the breach. However, it isn’t clear when it took place exactly.

Shoaib said the agency has arrested many gangs involved in cyber crimes and recovered stolen money from them.

The director’s statement comes days after around ten banks blocked all international transactions on their cards, due to concerns about a breach of credit and debit card data.

According to Krebs, data of over 8,000 account holders of about ten Pakistani banks was sold in a market of hackers.

The first cyber attack was reported by Bank Islami on 27 October, where PKR 2.6 million ($19,400) were stolen from international payment cards, and some debit cards.

As for debit cards, most banks overseas have “Fraud Units” which monitor and detect their potential use overseas, if the card holder hasn’t informed the bank prior to his or her departure outside the country. Absence that, the debit card won’t work overseas.

According to the professional who is doing PhD in Cyber Security, said each country has national cyber security unit. Pakistan doesn’t have one yet. No cyber security law exists while cyber crime laws do exist, he said on condition of anonymity.

Speaking to PKonweb, the security professional said the country’s cyber experts are not sponsored by the government unlike other countries. For example, in Cyber drills Asia Pacific, all countries in the region including Bangladesh, India, Sri Lanka had govt sponsored national teams. Pakistan’s
team was on its own — with no govt sponsorship.

In 2017 there were 22 countries who participated in the OIC cyber drill hosted by Malaysia, he said. “It’s an online drill. While other teams were sponsored by their governments, Pakistan team did not have government sponsorship.”

Pakistani banks also do not carry depositors’ insurance as practiced internationally, and even if some do on their own on retail banking (individual account holders) side, the account holders may not be aware of it, said a former banker.

In the US for example, every bank is mandated to insure depositor’s money up to US$100,000 with the Federal Deposit Insurance Corporation (FDIC).

FDIC is a US government corporation providing deposit insurance to depositors in U.S. commercial banks and savings institutions. The FDIC was created by the 1933 Banking Act, enacted during the Great Depression to restore trust in the American banking system.

In shot, as things stand, individual depositors in the country have their monies stored in the banks without “institutionalized” protection, unless the State Bank has rules and practices in place protecting their deposits from identity theft, fraud, cyber crime, liquidation, etc. In some cases it has stepped in in public interest, the former banker said.

Meanwhile, the good news is Pakistan’s banking sector remained sound and stable in 2017, with total assets growing to Rs 18.34 trillion (USD 159.5 billion) from Rs 15.83 trillion (USD 150.76) in 2016.

As per Pakistan Economist report, returns of Pakistani banks have been around eight percentage higher than regional peers over the last five years.

Leave a Reply

Your email address will not be published. Required fields are marked *