- Banks pay for obsolete security and casual approach
Time was when a bank meant a solid institution providing absolute financial security, which one approached with some trepidation for opening an account and later, with an apologetic smile, approached the manager for the inevitable overdraft. The relatively fewer frauds were hatched by crooked bankers or attributed to customer naivety and carelessness, for there is a ‘sucker born every minute’. Recent sensational public disclosure of cyber-attacks that hit ‘almost all’ Pakistani banks, has created an atmosphere of avoidable fear and insecurity. In financial matters, panic can easily translate into a run on banks. The entire matter should have been jointly examined by FIA, State Bank of Pakistan and heads of commercial banks, concluding with a calculated, minimal response to prevent present unease.
A meeting has been scheduled between them to devise ways of confronting this emerging menace which, because of quantum IT advances, on-line banking, credit cards, ATMs, and all-pervasive smartphones, have left all systems and working vulnerable to computer ‘Einsteins’, some with evil intent. Alleged Russian hacking in 2016 US elections is under investigation, and that same year, a teenager hacked Pentagon computers and was actually thanked for exposing their vulnerabilities before the bad guys found out. The hacker genie is irretrievably out of the bottle, and demands a swift, proactive and coordinated riposte, with constant monitoring and upgrades of security measures, biometric identification, highly -trained IT staff, all banks ‘strengthening firewalls and safety mechanisms’ and fool- proofing their ATM and credit card operations. It is also imperative on customers not to disclose their financial data, which is easily saleable on the hacker market, to strangers. Some local banks have been compelled to suspend their card and international on-line transactions, and should now cooperate fully and freely with FIA and SBP, instead of glossing over such alarming incidents, as happened in the December 2017 hacking of 559 accounts of a private bank totalling Rs10 million. No lessons were learnt then, which is an unaffordable luxury now. One bank has reported Rs2.6 million hacked on October 27, data of over 8,000 account holders has been sold, while 1,576 complaints of bank fraud were lodged with FIA this year alone.