Digital payment systems, majorly debit and credit card channels in Pakistan have been reportedly affected. This, after a report of a card-cloning scam that resulted in a loss of millions for a Pakistani bank.
Security of credit and debit cards issued by 22 Pakistani banks were under risk after the Pakistan Computer Emergency Response Team confirmed that 20,000 debit and credit cards issued by the banks were cloned and skimmed.
Card cloning is a technique using which details from a bank issued card are copied onto a new card. Card cloners use this technique for illegal transactions.
Actual estimates of the damage are yet to be calculated, but an initial report pegs the loss at $20,000.
Mohammad Shoaib, head of Pakistan Federal Investigation Agency's cyber-crime unit, was quoted explaining two television stations that "almost all" banks had been hit by hacking and a "large amount of money" had been stolen.
Shoaib was also quoted in a report by Geo News that "data from almost all Pakistani banks has been reportedly hacked."
BankIslami was among the first banks to be reported by the PakCERT in a threat report. The bank had first noticed unusual transactions of 2.6 million rupees or approximately $20,000 on Oct. 27 and had temporarily shut down its international payments system. PakCERT said that details of cards were posted on the dark net, an area of the Internet only accessible via special web browsers that ensure anonymity.
Dark net users could then access the cards to make online purchases but it was not clear how much money in total had actually been stolen.
"Subsequently, several other banks issued security alerts and either completely blocked customers' debit and credit cards or blocked their online and international use," PakCert said in its report.
In a statement, BankIslami said, it shut down the international and online payments systems and notified the central banking regulator.
The bank further added that the illicit transfer of 2.6 million rupees was returned to customers' accounts.
Soon after confirmation of the card-hack, the regulator- State Bank of Pakistan tried to reassure investors and consumers that the banking system had not been hacked with.
SBP also said that it had instructed all banks to increase their scrutiny after a lender reported the problem last week. The Central Bank clarified, "It has been noted with concern news items reporting that the data of most banks has been hacked. SBP categorically rejects such reports."
Here are some reponses from Twitter:
State bank of Pakistan doesnt allow banking to use any leading cloud platform which is 24/7 monitored globally updating by best security solutions. "Hail to their brains." they are happy with their server rooms like idiots— Sana (@sunzinx) November 6, 2018
In April 2018, i requested Supreme Court of Pakistan, take immediate action and to direct the State Bank of Pakistan to frame cyber security policies for financial institutions.— shahid jamal Tubrazy (@shahidtubrazy) November 6, 2018
Lest Hackers and Scamers, like in Bangladesh Banks, would not sabotage our financial industry. pic.twitter.com/hYr44gQ1Sm
Those who have account in Dubai Islamic bank must check your account statement, because hackers have stolen 6.2 Million Dollars from this bank. Thatswhy State bank of Pakistan closes all the online payment services.#Pakistani— Shayan Siddiqi (@Shayansdqi) November 5, 2018