Cyber-crime is not a conventional offence as its ramifications transcend borders. It affects a society in different ways. The term “cybercrime” denotes any sort of illegal activity that uses a computer, cell phone or any other electronic device as its primary means of commission. The computer and electronic devices serve as the agents and the facilitator of the crime. Cyber criminals take full advantage of obscurity, secrecy, and interconnectedness provided by the internet and are able to attack the foundations of our modern information society. Breaching of cyber space is an issue of utmost concern for the banks and financial institutions. The menace of data theft is growing in magnitude with huge financial impact. As custodian of highly valuable customer information, banks have always been the favorite target of the cyber-attacks.
Moreover it is estimated that banks are more frequently targeted by the hackers than any other business organization. IT based financial solutions of the banks such as ATMs, mobile banking and internet banking are exposed to various forms of frauds including skimming and phishing etc. Affected banks may also witness decline in their share prices. Banking industry is more susceptible to the breach of cyber security due to its financial lure for the transgressors.
In Pakistan, banking is increasing its user base at a brisk pace; the resulting threats are also multiplying. Financial services in Pakistan i.e. credit cards, accounts information and other, can also be acquired for theft or fabrication. During the last few years Pakistan has faced some serious cyber breaches in the banking sector. In 2018 it lost US$6 million in cyber-attacks as online security measures failed to prevent breach of security in which overseas hackers stole customer’s data. Data from 19,864 debit cards belonging to customers of 22 Pakistani banks has been put on sale on the dark web, according to an analysis conducted in year 2018 by Pakistan’s Computer Emergency Response Team, PakCERT.
However, cyber breaches of January 24 and January 30, 2019 included such data in large quantities pertaining to bank Meezan Bank Ltd. Gemini Advisory; a body that provides guidance with addressing emerging cyber threats stated that the compromised records posted between January 24 and January 30, 2019 is associated with a compromise of Meezan Bank Limited’s internal systems. Cyber security company “Group-IB” in a February 22, 2019 advisory stated that money mules use the fake cards, to either withdraw money from ATMs or buy goods” that are later resold by fraudsters. Despite efforts of banks to eliminate ATM card fraud, criminals still find ways around security measures to acquire card data at the point of sale.
The impact of a single, successful cyber-attack can have far-reaching implications including financial losses, theft of intellectual property, and loss of consumer confidence and trust. The overall monetary impact of cyber-crime on society and government is estimated to be billions of dollars a year. While, the banks in Pakistan claim that they have insurance policies, they do not seem much interested in securing their system and the public remains highly affected by such attacks. There is growing sense of distrust in the online banking. Several banking organizations fail to provide proper insurance to their customer. That is why people are more comfortable in keeping their money and reserves at home rather than banks. This is one of the major factors that add to country’s severe economic decline.
Pakistan needs to develop its cyber capabilities infrastructure and should invest in the youth to build a cyber security force of young experts. Simultaneously, there is a need to focus on artificial intelligence, block chains and software robots as suggested by Chief Technology Officer Huawei (Middle East and European Union) Jorge Sebastiao in the recent international seminar on Global Strategic Threat and Response (GSTAR).
Establishing a stronger cyber infrastructure will provide stronger security guarantees to the IT enabled services especially to the banking systems of Pakistan. This will in turn enhance the economic growth and security. Furthermore, the transnational nature of cyber-crime makes cyber-security a global challenge and, hence, demands collective and collaborative measures at the international level with flawless and strong legal and cyber policy framework.
In this regard, Pakistan’s cyber-law provides for ‘international cooperation.’ It has the membership of the International Multilateral Partnership against Cyber Threats (ITUIMPACT) and participates in Asia Pacific Security Incident Response Coordination Working Group (APSIRC-WG). However, cyber-security does not appear to be a priority on the country’s agenda for international dialogue and agreements. Pakistan needs to review the Prevention of Electronic Crimes Bill which will contribute mainly to increase the security of banking systems.
*The writer is working as Research Affiliate at Strategic Vision Institute Islamabad, a nonpartisan based out of Islamabad.