Millions hacked from Pakistani bank; Central bank cautious on safety of 22 banks and payment systems

Last Updated: Wed, Nov 07, 2018 12:49 hrs
Credit Card (PTI image)

Digital payment systems, majorly debit and credit card channels in Pakistan have been reportedly affected. This, after a report of a card-cloning scam that resulted in a loss of millions for a Pakistani bank.

Security of credit and debit cards issued by 22 Pakistani banks were under risk after the Pakistan Computer Emergency Response Team confirmed that 20,000 debit and credit cards issued by the banks were cloned and skimmed.

Card cloning is a technique using which details from a bank issued card are copied onto a new card. Card cloners use this technique for illegal transactions.

Actual estimates of the damage are yet to be calculated, but an initial report pegs the loss at $20,000.

Mohammad Shoaib, head of Pakistan Federal Investigation Agency's cyber-crime unit, was quoted explaining two television stations that "almost all" banks had been hit by hacking and a "large amount of money" had been stolen.

Shoaib was also quoted in a report by Geo News that "data from almost all Pakistani banks has been reportedly hacked."

BankIslami was among the first banks to be reported by the PakCERT in a threat report. The bank had first noticed unusual transactions of 2.6 million rupees or approximately $20,000 on Oct. 27 and had temporarily shut down its international payments system. PakCERT said that details of cards were posted on the dark net, an area of the Internet only accessible via special web browsers that ensure anonymity.

Dark net users could then access the cards to make online purchases but it was not clear how much money in total had actually been stolen.

"Subsequently, several other banks issued security alerts and either completely blocked customers' debit and credit cards or blocked their online and international use," PakCert said in its report.

In a statement, BankIslami said, it shut down the international and online payments systems and notified the central banking regulator.

The bank further added that the illicit transfer of 2.6 million rupees was returned to customers' accounts.

Soon after confirmation of the card-hack, the regulator- State Bank of Pakistan tried to reassure investors and consumers that the banking system had not been hacked with.

SBP also said that it had instructed all banks to increase their scrutiny after a lender reported the problem last week. The Central Bank clarified, "It has been noted with concern news items reporting that the data of most banks has been hacked. SBP categorically rejects such reports."

Here are some reponses from Twitter: