Hacking alarms

Published November 8, 2018
FIA has acted in haste by issuing an alarmist warning about the hacking and breach of data. — File photo
FIA has acted in haste by issuing an alarmist warning about the hacking and breach of data. — File photo

WHILE there is certainly cause for concern, the FIA has acted in haste by issuing an alarmist warning about the hacking and breach of data from Pakistani banks; such actions are not helpful in crafting a response to the emerging cybersecurity threats faced by the country.

The director of the agency’s cybercrime unit put out a statement that caused panic among millions of users of credit and debit cards. Former interior minister Senator Rehman Malik seized the opportunity to demand a report from the State Bank on the matter, further fuelling the news cycle on the issue.

The FIA’s basis for the statement alleging a wide breach of data in Pakistani banks was a document put out by a private-sector company that describes itself as an IT security firm, as well as its claim that reports by consumers of misuse of their banking data have seen a sharp rise in recent weeks.

However, only one example was given of this sharp rise — that of an Islamabad-based resident who allegedly had Rs2.6m withdrawn from his or her account because of what the FIA claimed was a breach of card data.

It is hard to imagine, though, how Rs2.6m could be taken out from an account using card data, unless the withdrawals were spread over a longer period of time.

Cybersecurity in the financial system is an important matter, no doubt, and much more work is needed to ensure that the proper safeguards are in place going forward, given the growing role that technology is going to play for payments and settlements in the future.

Consumer protection is also crucial, and already the absence of appropriate data protection legislation is being felt. But spreading panic and stirring politics is not the answer.

If Senator Malik, and others in parliament who raised the issue, are serious in their concern, they should ask, instead, for a copy of the draft Personal Data Protection Bill, 2018, and look for ways to accelerate its passage. The provisions of that bill can go a long way in strengthening digital security in Pakistan.

Its implementation, of course, will be key.

Typically enough, we see a floundering, disorganised and sound-and-fury type of a response from the state to what is otherwise a complex and sophisticated challenge.

There is no reversing the growing role of digital architectures in the financial system of the country; strengthening digital security goes hand in hand with this phenomenon.

Sadly, an episode which should have awakened the state authorities to the important role they need to play in this regard has, instead, turned into another performance and opportunity for grandstanding in the headlines.

The State Bank needs to do more to provide leadership by providing a road map for cybersecurity in Pakistan’s financial sector.

Published in Dawn, November 8th, 2018

Opinion

Editorial

Judiciary’s SOS
Updated 28 Mar, 2024

Judiciary’s SOS

The ball is now in CJP Isa’s court, and he will feel pressure to take action.
Data protection
28 Mar, 2024

Data protection

WHAT do we want? Data protection laws. When do we want them? Immediately. Without delay, if we are to prevent ...
Selling humans
28 Mar, 2024

Selling humans

HUMAN traders feed off economic distress; they peddle promises of a better life to the impoverished who, mired in...
New terror wave
Updated 27 Mar, 2024

New terror wave

The time has come for decisive government action against militancy.
Development costs
27 Mar, 2024

Development costs

A HEFTY escalation of 30pc in the cost of ongoing federal development schemes is one of the many decisions where the...
Aitchison controversy
Updated 27 Mar, 2024

Aitchison controversy

It is hoped that higher authorities realise that politics and nepotism have no place in schools.