Thursday April 25, 2024

FIA plans to counter cyber-attacks on banking system growing at scary pace

By Shakeel Anjum
July 17, 2022

Islamabad : The top bosses of the Federal Investigation Agency (FIA) have chalked out a plan to initiate a crackdown with the assistance of commercial banks against telecom hackers involved in the transfer of the heavy amount of clients of different banks in their fake accounts, the FIA told this scribe.

As the incidents of cyber-attacks on the banking system in the country are growing at an alarming pace, the sporadic SMS messages being sent to the account holders is clearly not enough and does not absolve the banks from their responsibility to protect their customers and clients.

Gangs of hackers are active in the country to transfer bank clients by using virtual technology to get personal identity numbers (PIN). The gangs of fraudulent, anyhow, get secret indicators of the bank clients after tracing secrecies of their bank accounts on phones pretending themselves as their bankers, and easily transferring heavy amounts to their accounts. “The hackers are operating their system from abroad or function from far-flung areas of the country,” an officer of the FIA said when contacted to inquire about the reasons for ignoring the sensitive issue of hacking.

It is evident that so far the banks have been unable to ward off the attacks launched by hackers as a result of which people are losing millions of rupees. The situation makes it imperative for the banks to employ technology and strengthen the firewalls they have put in place to prevent hackers from logging into the bank accounts of their clients, a banking expert said when asked.

Again it is evident that the firewalls put in place by the banks to prevent hackers from accessing a bank account are not strong enough. In the present system for a client accessing his or her bank account electronically, there are not enough security checks.

The banks are required to create a multiple cross-check security system, at least three tier if not more, under which any person trying to access one account must answer certain queries from the system and the confirmation of each step must be instantly communicated through SMS as well as emails to the client.

The final access to the account for any transaction should be allowed only after verification of certain codes communicated by the banks to the client through SMS on the registered phone as well as email provided by the client to the bank. These codes should comprise of numeric as well as alphabets and even those should be cross-checked at least two times for further authentication. It is clear that only asking the date of birth and mother’s name is not enough of a security arrangement.

Any time a client is accessing one’s account electronically, the bank should immediately send an electronic enquiry through SMS as well as the registered email to confirm if the client is genuine and he or she is actually trying to access their account. Electronic passwords/authentication codes could be generated for each client without which any electronic access to the account should be denied and a warning should be sent to the client.

These electronic passwords/authentication codes should be for one-time access only and should be changed for each transaction. This may sound like a cumbersome procedure but may prove an effective part of the firewall the banks employ to prevent hackers’ attacks on their systems.

Telecommunication fraud has continuously been reasoning severe financial losses of billions of rupees to customers for several years.

The organisations including the State Bank of Pakistan, Cyber Crime Circle (CCC) of the Federal Investigation Agency (FIA), and other departments responsible to counter banking crimes, could not introduce the counter mechanism.

Hackers are playing with the entire financial telecom system of the banking organism by getting access to the accounts secret information of the account holders and transferring heavy amounts in their banks, even, in foreign countries, the FIA said.