In the past few days more than 550 people in Karachi have reportedly been robbed of Rs10.2 million, as they became victim of the ATM skimming scam.
While FIA officials await further details before launching an investigation into the matter, some Chinese nationals were arrested in March for allegedly stealing data from banks with skimming devices at ATM facilities.
Initial findings by the federal investigator suggest that the use of ‘obsolete technology’ by the financial institutions for ATMs and legacy security system at ATM booths makes them an easy target for ‘an organized foreign group’. ATM skimming is an illegal activity in which account details are stolen from the magnetic strip contained on the back of the debit card.
Rewind back to March when the Chinese nationals were arrested for allegedly stealing data of banks from their ATMs through skimming devices, the FIA had requested the State Bank of Pakistan to order financial institutions to enhance security measures for their teller machines. The enhanced featured can include introduction of biometric features for the use of service or the implementation of Europay Mastercard Visa (EMV) standards. Service providers in Pakistan are already and readily offer solutions which integrated into existing banking infrastructure.
Following the recent incident of skimming fraud, the State Bank of Pakistan has urged the banks to adopt EMV standards, which it terms as ‘safe and protected’. The central bank had issued regulations for payment cards’ security in 2016 based on which, banks are required to develop infrastructure for EMV compliance and issue cards by June 30, 2018.
In its recent statement, the SBP admits that incidents related to ATM skimming have happened, albeit sporadically, in Pakistan. The central bank has issued specific regulations for the security of payment cards and internet banking to safeguard depositors from fraudulent transactions. Under these regulations, banks are required to develop and implement a comprehensive framework for risk assessment, implementation of controls and monitoring.
“Debit cards with a magnetic strip on their backs – that store customers’ account details – are particularly vulnerable to skimming and cloning. Debit cards, complying with EMV standards, featuring a chip and offering two-factor authentication are now considered most effective countermeasure to card-cloning through skimming globally,” reads the SBP statement. It would, however, be false to say that chip-based cards will deter ATM fraud 100%, however it will certainly be more effective in doing so.
It is expected that following the recent hacking and skimming attempts, SBP will force the financial institutions to timely shift towards the latest technology. This skimming incident might just be a blessing in disguise, as it identified problems relating to legacy infrastructure. As far as the monetary losses are concerned, the SBP and the targeted bank both have assured that the money will be returned to depositors to the extent of their losses.
But as the SBP and other banks deliberate to devise a solution to enhance security options, it is equally necessary for customers to remain vigilant at their end. To avoid the loss of cash, it is necessary and advisable for customers to check that there is no hidden on unusual device attached to the teller machine.
Banks are also advised to take steps and update their surveillance and security measures. Motion-activated cameras that can be remotely monitored across the bank’s closed networks, will be just one of many steps that need to be taken. While a lot of customers are undoubtedly questioning what will become of the banking infrastructure in Pakistan, our bullish outlook is on the account of the fintech companies that have entered the arena. Where physical cash is high risk, investing more confidence in a more secure, digital ecosystem is what is needed today.