ISLAMABAD: The investigators probing last October’s online fraudulent transfer of money have claimed that the bank concerned was trying to hide the matter, which could further expose vulnerabilities in the banking sector.

A senior official of the Federal Investigation Agency (FIA) told Dawn that the hackers based in 44 countries had used the platform of ‘Visa’ money transfer service to siphon off the amount and an international forensic audit expert had been hired by the bank and the international money transfer company to probe the matter.

“A report by the international expert was awaited as it would help the banking sector as well as the FIA strengthen their firewalls from any further attacks,” the official said, adding that the FIA had also initiated inquiry and sought details from the 44 countries where the hackers were based.

‘Report of international forensic expert to help strengthen firewalls against cyberattacks’

However, Pakistan does not have agreements on evidence sharing and joint investigation against crimes with many of these countries. The other issue faced by the FIA investigators is lack of cooperation from the banking sector.

“The initial inquiry shows several strange queries like withdrawal of the heavy amount in a single day — Rs500,000 and more,” the official said, adding that the banking sector officials refused to answer why ATMs had not declined the withdrawal of such a huge amount.

“Our inquiry is not focused on whether the depositors would get their money back or not, but to stop the crime from happening again,” the official said.

Meanwhile, many banks have also issued advisories to their account-holders to be aware of various scams.

The Standard Chartered Bank (SCB) said that the two new kinds of fraudulent ways were ‘phishing’ and ‘vishing’. Phishing, the bank explains, is a technique where the fraudster sends an email, asking the recipient to provide personal details, and the email appears to originate from the recipient’s own bank. The term vishing is used when the fraudster calls the person, pretending to be a government official or a bank representative, and asks him/her to validate the identity seeking confidential information.

The SCB has warned that account-holders should not log in via an email link, and banks should never ask for passwords, login IDs, etc.

Meanwhile, the Senate was informed on Friday that the depositors would not suffer even after the amount had been siphoned off from their bank accounts as the loss would be borne by the insurer.

A written reply was submitted to the upper house of parliament by the Ministry of Finance to a question whether all the banks in Pakistan had been hacked. The reply said that except for one bank, data of any other banks was not hacked and one local bank faced a cyberattack, resulting in cash out through international ATMs on Oct 27.

The Senate was informed that the State Bank had developed a roadmap for added strength of the information security controls of Pakistan’s banking industry and instructed the banks to take necessary measures to identify/counter any cyber threat to their systems in coordination with all the relevant stakeholders, including payment schemes.

Published in Dawn, December 24th, 2018