Islamabad: Hundreds of Pakistani citizens have lost millions of rupees in last weeks after falling prey to Automated Teller Machine (ATM) card hacking.
Around 579 customers across the country have lost nearly Rs10 million (Dh348,612) in the cyberattack, according to Habib Bank Limited (HBL), the bank which was affected by the hacking.
The bank confirmed skimming devices were installed on four of its ATMs in different parts of Islamabad and Karachi. The bank shortly blocked the ATM cards of most of its customers to prevent further theft.
ATM hacking, known as ATM skimming, was confirmed by the Federal Investigation Agency (FIA) which revealed that the fraudsters withdrew money by accessing the accounts by placing skimming devices in different ATMs.
The FIA’s cybercrime wing has begun investigations into the hacking incidents following complaints by HBL. The hacking is being linked to recent fraudulent activity in which several foreigners were arrested for allegedly stealing data from banks.
The State Bank of Pakistan said that it was in touch with HBL and has sought relevant information from the bank.
Chief marketing officer of HBL Naveed Asghar acknowledged that some 579 customers of the bank have been affected by the cyberattack at around 10 ATM facilities.
The affected customers would soon be reimbursed and their debit cards will be replaced. “We are investigating it (hacking) and will reimburse those who have lost their money,” he assured.
“All machines (ATMs) have been rechecked to make sure that the bug is removed … we are giving assurances to our customers that there is nothing to panic and worry about.”
Most of the incidents of ATM skimming were reported at a major shopping mall in Karachi’s posh Clifton area. The fraudsters reportedly placed a skimming device on one ATM and made others dysfunctional to fool the customers.
Several such cases were also reported in several areas of the capital city of Islamabad.
As soon the reports of several fraudulent transactions emerged, local banks including HBL blocked users’ ATM cards as a precaution against further loss.
This is not the first time that cyber criminals have challenged Pakistan’s banking sector. Earlier, three Chinese skimmers were arrested in Karachi for manipulating the ATMs. FIA’s cybercrime wing also arrested two more Chinese nationals in March 2017 for defrauding Pakistani bank users.
The FIA then indicated that the use of “obsolete technology” by banks for ATMs and outdated security system at booths had made them an easy target for an “organised foreign group”. The FIA also approached the State Bank of Pakistan and asked banks to enhance security measures at the ATMs, including the introduction of biometric features.
“Biometric verification on ATM machines should be the top priority for banks in Pakistan,” suggested Ali Amjad, information security manager at a local bank. “Banks should also monitor the ATM machines through installed cameras for any illegal activity while enhancing public awareness on ways to avoid the scam.”
What is ATM skimming?
Hacking through skimming devices is a global phenomenon. This method is used by criminals to capture data from the magnetic stripe on the back of an ATM card.
In some cases, fraudsters stick a fake card-reader on the ATM, while in others they place a fake keypad on the machine to get your PIN code.
Another scheme is to strategically position cameras and imaging devices to ATMs to capture PIN numbers. Once captured, the electronic data is put onto a fraudulent card and the captured PIN is used to withdraw money from accounts.