On 27th October, Karachi-based Bank Islami reports of suffering a security breach of its payment cards system but denied reports of having lost an alleged $6 million. If the loss is $6 Million then it is the biggest cyber-attack in the country’s history.
Many reports state that the attack consisted of many suspicious PoS transactions made at Target stores in Brazil and the U.S. The bank was heavily hit and as a result created a FUD among the holders of the bank.
The bank detected the attack on Saturday morning when the internal security system identified “abnormal transactions” coming from Pakistani debit cards outside the country’s borders. After that, the bank shut down its access to international payment networks.
The bank officials said that it has returned all the funds that had been withdrawn from customers’ accounts, which is only estimated at around $19,500. This is a low amount compared to the accounts registered with the bank.
According to international payment scheme, the bank disputes figures from international card processors that attackers made off with $6 million. This amount was not taken from a single account, but our sources suggest that the hack was a multi-targeted account
The international payment scheme also suggested to the Bank that some transactions were made on its ATMs allegedly using Bank’s issued cards.
Bank Islami is in denial because if the bank is proven to have acted too late in stopping the attack, then the sufferings of $6 million alleged funds will be on the bank not on the customers. This is considered the biggest hack in the history of the nations economic
The Bank has no idea in how such transactions were processed and validated when such transactions never landed on Bank’s system. These transactions, of approximately $6 million as reported by international payment scheme, are still unknown to the Bank since the Bank was actually logged off from the international payment scheme at the time.
After this chaos, the State Bank of Pakistan (SBP) has issued a security advisory for all banks to deal with such issues in the future. This was no surprise to the cyber community as the security online is a concern which is generally ignored by many governments as well private