Daily Times

The head of the Federal Investigation Agency’s (FIA) cybercrime wing, Capt (rtd) Mohammad Shoaib, has dropped a veritable bombshell. That is, hackers have stolen data from “almost all” Pakistani banks. All that is known so far is that those behind this grave security breach were operating from abroad. And that they successfully helped themselves to customer account coffers.

Needless to say, this is an extremely worrying development. Not least because it represents a new kind of threat; this time from real hidden hands. And it is one for which Pakistan should have been better prepared. Significantly, the cybercrime chief more or less points the finger at banks for their role in fraudulent practice; such as not immediately holding up their hands when it comes to security risks of this kind. The upshot being that customers end up reporting concerns back to the banks instead of the FIA; the relevant authority.

Yet, more broadly speaking, Pakistan’s banking sector must maintain an open dialogue with customers while keeping them updated about the latest financial scams. It is not enough to, say, rely on a telephone banking system that requires biometric verification procedures. Not when countries such as Britain are battling increasingly sophisticated rackets involving customers handing over personal details; genuinely believing that the person on the other end of the phone is a representative from their bank. In such cases, hackers have typically accessed internet banking details while managing to somehow ‘lock’ mobile phone devices so that when customers call their banks to double check developments — they unwittingly find themselves redirected to the extortionists. All of which highlights security breaches across all modern banking platforms.

Thus the Centre must work with the State Bank of Pakistan (SBP) as well as the FIA to establish certain protocols when it comes to raising internal alarms. In fact, it should be mandatory for any bank that has fallen victim to cyber terrorism, in the truest sense, to alert the SBP. It must also be incumbent upon private banks to inform customers of potential threats as soon as possible and not the other way around. This is to say nothing of the need for a transparent compensation mechanism.

Of course, customer care ought to be the main priority. That being said, the timing of this hacking case, which may have resulted in the selling on of data belonging to more than 8,000 account holders, is troublesome. For the prospect of stolen cash being used to fund terrorism can never be entirely ruled out. All of which could have potentially devastating consequences for Pakistan and the dreaded FAFT blacklist; as well as making international investors even more jittery.

Effectively reducing this menace falls strictly within the FIA remit. That Capt (rtd) Shoaib has openly admitted the current situation is to be appreciated. Indeed, now that Prime Minister Imran Khan wears the hat of Interior minister, to which the Agency reports, it is hoped that this signals a new era in citizenry protection.  *

Published in Daily Times, November 7^th 2018.