WHILE there is certainly cause for concern, the FIA has acted in haste by issuing an alarmist warning about the hacking and breach of data from Pakistani banks; such actions are not helpful in crafting a response to the emerging cybersecurity threats faced by the country.
The director of the agency’s cybercrime unit put out a statement that caused panic among millions of users of credit and debit cards. Former interior minister Senator Rehman Malik seized the opportunity to demand a report from the State Bank on the matter, further fuelling the news cycle on the issue.
The FIA’s basis for the statement alleging a wide breach of data in Pakistani banks was a document put out by a private-sector company that describes itself as an IT security firm, as well as its claim that reports by consumers of misuse of their banking data have seen a sharp rise in recent weeks.
However, only one example was given of this sharp rise — that of an Islamabad-based resident who allegedly had Rs2.6m withdrawn from his or her account because of what the FIA claimed was a breach of card data.
It is hard to imagine, though, how Rs2.6m could be taken out from an account using card data, unless the withdrawals were spread over a longer period of time.
Cybersecurity in the financial system is an important matter, no doubt, and much more work is needed to ensure that the proper safeguards are in place going forward, given the growing role that technology is going to play for payments and settlements in the future.
Consumer protection is also crucial, and already the absence of appropriate data protection legislation is being felt. But spreading panic and stirring politics is not the answer.
If Senator Malik, and others in parliament who raised the issue, are serious in their concern, they should ask, instead, for a copy of the draft Personal Data Protection Bill, 2018, and look for ways to accelerate its passage. The provisions of that bill can go a long way in strengthening digital security in Pakistan.
Its implementation, of course, will be key.
Typically enough, we see a floundering, disorganised and sound-and-fury type of a response from the state to what is otherwise a complex and sophisticated challenge.
There is no reversing the growing role of digital architectures in the financial system of the country; strengthening digital security goes hand in hand with this phenomenon.
Sadly, an episode which should have awakened the state authorities to the important role they need to play in this regard has, instead, turned into another performance and opportunity for grandstanding in the headlines.
The State Bank needs to do more to provide leadership by providing a road map for cybersecurity in Pakistan’s financial sector.
Published in Dawn, November 8th, 2018