Banks say security systems intact to protect customer data

KARACHI: Commercial banks on Wednesday said they have strengthened security systems and increased surveillance to protect their data from any potential cyber assault in the wake of a recent hacking attack on a bank.

Major banks, including HBL, Faysal Bank, Bank Al Habib, Allied Bank, First Women Bank, Silk Bank, and Telenor Microfinance Bank (TMB) said their data “is safe from cybercriminals with systems in place to ensure safety and security for customer information”.

All the banks also assured their customers to continue using their products and services as their systems were secure and data safe from hackers and any hacking attempts.

A day earlier, the Federal Investigation Agency said a group of international hackers have stolen thousands of customers’ data of Pakistani commercial banks and sold it to hackers in Poland, Estonia and some other countries. The central bank however categorically denied such claims and said no such information or evidence had been provided to it.

The State Bank of Pakistan (SBP) on Tuesday said it “would like to emphasise that except for the incident of October 27, 2018 in which reportedly the IT security of one bank was compromised, no breach has been reported”.

Meanwhile, the Pakistan Banks’ Association (PBA) said only one bank’s IT security was compromised, reiterating the central bank’s earlier statement rejecting reports that the data of Pakistani banks had been hacked.

A spokesperson of the PBA emphasised that SBP guidelines for establishing cyber security issued in 2017 for necessary compliance by all banks were comprehensive and covered all aspects of technology. The PBA, in its endeavour to support the industry as well as SBP, had already established a dedicated forum for cyber security.

“It is important to understand the difference between fraudulent transactions and hacking attempt. Fraudulent transactions can be successful without hacking the bank,” the spokesperson said.

According to the spokesperson, the IT security of one bank was compromised, “other than that no breach has been reported”. He said the industry was moving towards the digital era, and considering the risks and threats, banks were continuously developing, strengthening and implementing risk-based controls in their environments.

“When a cheque book or a leaf of a cheque book is lost, it can be used by fraudsters to steal money. Likewise, if a credit or debit card is lost or stolen, it can also be used in fraudulent transactions,” he added.

Such fraudulent transactions did not mean that the technology infrastructure of the bank was hacked. Similarly, if the data stored in the debit or credit card was fraudulently copied or stolen, then such data could be saved on a duplicate fake card.

“Such a fake card can also be used to do frauds, especially if the fraudster also finds out the PIN associated with the original card,” the PBA spokesperson explained. The spokesperson advised the banking customers not to respond to requests for their confidential and personal information via various channels including, but not limited to, SMS, email (with or without embedded links), and phone calls to protect themselves against any identity theft or fraud.