Six Pakistani banks suspend debit cards use abroad

KARACHI: At least six Pakistani banks have suspended usage of their debit cards outside the country after a bank suffered a cyber attack last week that siphoned off Rs2.6 million to the dismay of its unsuspecting consumers, people in the know said on Saturday.

They said six banks have so far stopped the facility of debit cards in overseas markets.

Abid Qamar, chief spokesman of the State Bank of Pakistan (SBP) told The News that banks took various measures to protect their information technology systems from cyber attack following the central bank’s instructions.

“It has come to our notice that few banks have even withdrawn the facility of cards being used outside Pakistan,” Qamar said. “Some are (however) allowing this facility upon instructions of their customers only.”

On Sunday, the central bank asked commercial banks to ensure safety of their payment cards from security breach after fraudulent overseas transactions, using BankIslami’s debit cards, were unearthed over the weekend.

While BankIslami claimed that all monies – Rs2.6 million (approximately $19,500) withdrawn from the bank accounts, using its cards, have been credited to the accounts of customers, an international payment scheme put the transactions at around six million dollars.

The SBP said the banks that halted their foreign plastic cards’ operation are likely to come back online soon.

“We expect such facilities will be restored as banks upgrade their systems to meet any cyber attack challenge in future,” Qamar added.

“Banks are required to inform SBP and peer banks of any imminent threat that comes to their knowledge and SBP will take all possible actions to safeguard the banking system.”

Bankers said cyber security is the biggest risk to the financial system across the world as well in Pakistan.

“Banks are investing less in their cyber security systems,” a banker said, requesting anonymity. “They need to invest more to ensure they are resilient to cyber threats… and comply with the set of rules for coping with cyber attacks.”

A Moscow-based anti-fraud firm the Group IB said nine Pakistani banks, including BankIslami, Habib Bank, JS Bank, Faysal Bank, Soneri Bank, Bank of Punjab, Bank Alfalah, Silkbank, and MCB Bank witnessed abnormal transactions.

The information security firm didn’t mention the affected transactions of the banks, but in a report earlier this week it said BankIslami became victim of cybercrime attack after detecting abnormal transactions on one of its international payment card schemes.

The Group IB, citing the SBP, said compromised cards of BankIslami were cashed out via automated-teller machine and point-of-sale in different countries, including USA and Russia.

The Group IB said it is very rare that Pakistani cards come on sale at the online underground markets.

“An interesting fact is that cards from this region are very rare on the card shops, in the past six months it is the only one big sale of Pakistan cards,” the global leading computer forensic firm said in a flash note.

There were also 849 cards, which belonged to banks from other countries and 914 dumps of undefined banks, on sale at a cardshop, Jokerstash.

“Taking into account the facts that this base appeared on the cardshop right before detection of fraud activity in transactions of Bankislami and that it is the only big case involving Pakistani cards, most likely this sale is related to mentioned cybercrime attack,” the Group IB added.

“It is probable that the cards were compromised before 26 October, and then part of them were used by the cybercrime group to cash out via the international payments network and other cards were sold to Jokerstash cardshop.”