1- No bank in Pakistan has reported any security breach or hacking attempt (successful or unsuccessful) during the last two weeks.
2- Bank Islami Pakistan reported fraudulent transactions worth 26 lacs rupees, for which the bank has already compensated its affected customers without waiting for complains from the customers. These fraudulent transactions initiated from outside Pakistan
3- Bank Islami Pakistan claimed to have disconnected its international link from where the fraudulent transactions were coming to the bank’s network. However, the bank is in dispute with international card brand (visa) with respect to another set of transactions amounting to USD 6 million. The bank has claimed that the question of approving these fraudulent transactions does not arise because it had already disconnected the international link. However, visa insisted that the bank also approved these fraudulent transactions worth USD 6 million and wanted Bank Islami to pay for the same. To resolve this dispute, Bank Islami and visa are already in the Sind High Court and the next hearing is scheduled on 12th November 2018.
4- The dispute between Bank Islami and VISA is already in litigation, therefore, both the parties are not forthcoming with further details about internal investigations for public consumption, which is obviously the right approach till the dispute is settled inside or out of the court. Therefore, at this point in time, it is not known if the bank or VISA or any other entity suffered a cyber-attack or not. Nevertheless, it can be said with a degree of confidence that the cards’ data of Bank Islami customers was copied / skimmed via ATMs or POS terminals or leaked from within the bank etc. Such copied data of cards has been used from outside Pakistan to do fraudulent transactions
5- It is important to understand the difference between fraudulent transactions and hacking attempt. Fraudulent transactions can be successful without hacking the bank. When a cheque book or a leaf of cheque book is lost, it can be used by fraudsters to steal money. Likewise, if a credit or debit card is lost or stolen, it can also be used in fraudulent transactions. Such fraudulent transactions, if successful, does not mean that the technology infrastructure of the bank has been hacked. Exactly in the same way, if the data stored in the debit or credit card is fraudulently copied or stolen then such data can be saved on a duplicate fake card. Such a fake card can also be used to do frauds especially if the fraudster also finds out the PIN associated with the original card.
6- Dark Web on the internet is a market to buy or sell illegal items or services e.g. user-IDs/passwords, bank account details, credit/debit card details, passports, nationalities etc. There are a number of such black markets on the internet where the credit/debit cards data from almost all the countries are available for sale. You name a bank in any country, and one can get you the card details belonging to that bank. Pakistan and its banks are no exception