Hacking alarms

Published November 8, 2018
FIA has acted in haste by issuing an alarmist warning about the hacking and breach of data. — File photo
FIA has acted in haste by issuing an alarmist warning about the hacking and breach of data. — File photo

WHILE there is certainly cause for concern, the FIA has acted in haste by issuing an alarmist warning about the hacking and breach of data from Pakistani banks; such actions are not helpful in crafting a response to the emerging cybersecurity threats faced by the country.

The director of the agency’s cybercrime unit put out a statement that caused panic among millions of users of credit and debit cards. Former interior minister Senator Rehman Malik seized the opportunity to demand a report from the State Bank on the matter, further fuelling the news cycle on the issue.

The FIA’s basis for the statement alleging a wide breach of data in Pakistani banks was a document put out by a private-sector company that describes itself as an IT security firm, as well as its claim that reports by consumers of misuse of their banking data have seen a sharp rise in recent weeks.

However, only one example was given of this sharp rise — that of an Islamabad-based resident who allegedly had Rs2.6m withdrawn from his or her account because of what the FIA claimed was a breach of card data.

It is hard to imagine, though, how Rs2.6m could be taken out from an account using card data, unless the withdrawals were spread over a longer period of time.

Cybersecurity in the financial system is an important matter, no doubt, and much more work is needed to ensure that the proper safeguards are in place going forward, given the growing role that technology is going to play for payments and settlements in the future.

Consumer protection is also crucial, and already the absence of appropriate data protection legislation is being felt. But spreading panic and stirring politics is not the answer.

If Senator Malik, and others in parliament who raised the issue, are serious in their concern, they should ask, instead, for a copy of the draft Personal Data Protection Bill, 2018, and look for ways to accelerate its passage. The provisions of that bill can go a long way in strengthening digital security in Pakistan.

Its implementation, of course, will be key.

Typically enough, we see a floundering, disorganised and sound-and-fury type of a response from the state to what is otherwise a complex and sophisticated challenge.

There is no reversing the growing role of digital architectures in the financial system of the country; strengthening digital security goes hand in hand with this phenomenon.

Sadly, an episode which should have awakened the state authorities to the important role they need to play in this regard has, instead, turned into another performance and opportunity for grandstanding in the headlines.

The State Bank needs to do more to provide leadership by providing a road map for cybersecurity in Pakistan’s financial sector.

Published in Dawn, November 8th, 2018



Updated 16 May, 2022

Electoral reforms

EARLY elections or not? That is the question. And it seems to be weighing heavy on the mind of everyone in the...
16 May, 2022

Iran deal revival

WHERE the nuclear deal between Iran and the P5+1 is concerned, a great deal of fluidity exists regarding its fate....
16 May, 2022

Deprived of funds

THIS May, Pakistan’s former Fata region will complete its fourth year of merger with Khyber Pakhtunkhwa. The...
Imran’s lesson
Updated 15 May, 2022

Imran’s lesson

Patronage of the security and intelligence apparatus exacts a heavy price and almost never delivers any long-term dividends.
15 May, 2022

Small mercies

AT a time when Pakistan is getting closer to the brink with its foreign currency reserves dropping to just around...
15 May, 2022

Child sexual abuse

IT is interesting that despite the strictures of society and political leaders on community evils, there is little...