Alarming data theft

In a shocking revelation, head of the Federal Investigation Agency’s (FIA) cyber crime wing has said that data from “almost all” Pakistani banks was stolen in a recent security breach. FIA has written to all banks and a meeting of banks’ heads and security managements is being called. The meeting will look into ways the security infrastructure of banks can be bolstered.
This major security breach is testimony to the fact that on-line banking in Pakistan was not safe and almost all the banks were vulnerable to hacking and misuse of credit/debit cards. According to details, data of about twenty thousand cards of 22 Pakistani banks was compromised and many of the account holders lost the deposits in their accounts. The hacked cards were put on sale on the dark web at a price ranging from $100 to 160 a card. The hacked credit card data is available in two formats. First is text-based credit card details: full name, address, phone number, card number and expiry which can be easily used by someone for illegal online purchases. The second format is skimmed dumps, which means the hacker was physically able to scan the card details possibly at a compromised ATM or merchant machine. Many banks have justifiably blocked international transactions through credit/debit cards and others have also temporarily halted disbursement of cash through ATMs in a bid to save their customers.
However, it is strange that almost all banks have specialised sections and departments dealing with IT, networking and online security but regrettably none of them was able to prevent this data theft, which would shatter confidence of the customers in the ability of the banks to secure their deposits. It is hoped that the meeting convened by FIA would thoroughly review the standard measures including use of firewalls, anti-virus protection on bank computers, fraud monitoring and website encryption, which scrambles data so only the intended recipient can read it. Experts say it is not safe for a person to do online banking through public networks or Wi-Fi unless each page visited is encrypted; anti-virus software should be updated on home computers and mobiles; get text-alerts from banks and banks themselves should use industry-standard security.

Share this post

    scroll to top