Pakistan suffered the largest cyber-attack on its banking system when in the last week of October 2018, over 19,000 debit cards worth US$2.6 million from some 22 Pakistani banks have been found to be stolen by certain unknown outside hackers. After cashing out US$2.6 million via ATM and POS at various international locations including Russia and US, the cyber outlaws dumped these cards for sale at prices ranging from US$100 to US$135 each on Dark Web under the title “WORLD-EU-MIX 01”. Thus, the cyber criminals succeeded in getting illicit access to customers’ accounts. An opinion is that local criminals served as a conduit to their foreign accomplices. Linking of such culpable acts to Pakistani banks could attract dire consequences for terrorist financing and FATF regime.
Cyber security breach is an issue of utmost concern for the banks and financial institutions. The menace of data theft is growing in magnitude and financial impact. As custodian of highly valuable customer information, banks have always been the favorite target of the cyber-attacks. It is estimated that banks are attacked 300 times more frequently by the hackers than any other business organization. The impact of breach is normally underestimated as it goes beyond the depletion of data and money. Following are the various ways through which banks are impacted through cyber-attacks:
- The customers do not wish to continue business with the banks that fail to protect their data privacy. The reputational risk impacts the brand value, image and trust that results in customer attrition.
- IT based financial solutions of the banks like ATMs, mobile banking and internet banking are exposed to various forms of frauds such as skimming and phishing etc.
- Failure in complying with the data protection laws brings about monetary policies.
- There are so many other costs like insurance premiums, increase in cost to raise debt, forensic audit and advisory/consultancy etc. that are borne by the affected banks.
- Other material loss comes in the form of threat to intellectual property rights or trade secrets. Such loss is immeasurable.
- Another consequence is when customers adopt legal recourse and enter into litigation with the bank for settlement of dispute.
- Affected banks may witness decline in their share prices.
Internationally, certain initiatives have been undertaken to tame down the menace that affects cyber security resilience in the global financial system. Some guidelines have been issued by the State Bank of Pakistan (SBP) for domestic financial market infrastructure to improve cyber governance. SBP also aims to ensure preparedness, cognizance and awareness among all stakeholders in the wake of cyber-attack. Financial innovation is happening at a rapid pace. In order to extract optimal potential from such disruptive technology for financial inclusion and cost effective solutions without compromising the integrity of the banks, consumer protection, data privacy, cyber security and financial exclusion, the regulator has to be proactive rather than reactive.
The banking industry is all the more susceptible to the breach of cyber security due to its financial lure for the transgressors. However, effective implementation of cyber security framework is highly challenging because the available devices outnumber the people and the offenders are very inventive in their tricks.