Grappling with cyber fraud: Pakistan’s banking sector must up its security game

By Miran Rehmat

  The rise of Pakistan’s e-commerce sector and IT-enabled services has made it a top target for both domestic and foreign cyber-fraud criminals. A spate of cyber-attacks have rocked Pakistan’s financial sector and have laid bare the loopholes in what are claimed ‘fail-safe’ cyber security protocols deployed by the country’s leading financial institutions.

In 2021, hackers attacked and gained control of a data storage station, Pakistan’s largest, serviced by the Federal Bureau of Revenue (FBR) and sold hacked data reportedly for $30,000 on a dark web forum based in Russia

 In 2018, 22 private and public banks of Pakistan were hacked and sensitive data concerning thousands of accounts serviced by these banks was released on dark web platforms. Not only released, a block of data was reportedly sold online putting funds held by private citizens at risk. In 2020, cyber-criminals attacked K-Electric’s, premier provider of electricity to the country’s most populous city, online payment platform and demanded release of personal data of consumers for return of control to the platform.

  In 2021, hackers attacked and gained control of a data storage station, Pakistan’s largest, serviced by the Federal Bureau of Revenue (FBR) and sold hacked data reportedly for $30,000 on a dark web forum based in Russia. In 2022, a debit and instant cash card scam targeting bank accounts serviced by three private banks was unearthed right before a three-day religious holiday after affected customers reported suspicious financial activity to the Federal Investigation Authority (FIA), Pakistan Citizen’s Portal (PCP) and social media handles of government functionaries. While the affected banks tried to pacify customers on the pretext of fixing ‘technical issues’, they were grappling with a serious case of cyber-fraud and unethical hacking. Once again, customers were defrauded of hard-earned funds saved for personal use and perceived to be safe in banks.

In 2020, cyber-criminals attacked K-Electric’s, premier provider of electricity to the country’s most populous city, online payment platform and demanded release of personal data of consumers for return of control to the platform.

  Financial institutions operating in Pakistan should now rethink their cyber-security strategy to reinforce before their customers their ability to safeguard both funds and business operations. They need to solidify encryption protocols for their data and digital banking applications used by customers, ensure advance malware protection to deter potential cyber-fraud criminals and enlist services of industry-leading third party digital security agencies.

 Given Pakistan’s aspirations to become a financial and digital export hub, private and public financial institutions must step up their security game and utilize latest cyber-security tools to ensure their viability as trustworthy stakeholders.