State Bank wakes up to ATM skimming incidents

KARACHI: The State Bank of Pakistan (SBP) expressed concerns over the skimming of debit cards that caused a total loss of Rs10.2 million to 559 customers recently.

The SBP asked banks to go for the Europay Mastercard Visa (EMV) standards, which are safe and protected, according to a press release.

The SBP said only 296 customers have confirmed disputed transactions and Habib Bank Ltd (HBL) is trying to limit the impact of hacking activities.

The SBP statement did not say who the hackers were. It said the hackers withdrew depositors’ money from various locations within and outside the country.

“Customers’ information on debit cards of HBL was compromised by hackers thro­ugh skimming to create its clones,” said the SBP.

The SBP has been in contact with the HBL management to ascertain the losses and ensure the return of money to the affected customers and precautionary measures.

“HBL has taken several immediate actions to determine and limit the impact of such transactions on customers. Specifically, it blocked all identified debit cards that were suspected to be misused and quarantined the automated teller machines used in hacking activity,” said the SBP.

Until Tuesday, 296 customers confirmed the disputed transactions and the estimated damage assessment done to the bank concerned is Rs10.2m for their customers, said the SBP,

It noted that HBL has also managed to start returning the money to depositors to the extent of their losses. “Efforts are under way to determine losses to any other banks’ customers using HBL ATMs and take remedial measures,” said the SBP.

ATM skimming is an illegal activity in which account details are stolen from the magnetic strip contained on the back of the debit card. Such incidents have happened, sporadically, in Pakistan as well, the SBP added.

The central bank has issued specific regulations for the security of payment cards and internet banking to safeguard depositors from fraudulent transactions. Under these regulations, banks are required to develop and implement a comprehensive framework for risk assessment, implementation of controls and monitoring.

“Debit cards with a magnetic strip on their backs – that store customers’ acc­ou­nt details – are particularly vulnerable to skimming and cloning. Debit cards, complying with EMV standards, featuring a chip and offering two-factor authentication are now considered most effective countermeasure to card-cloning through skimming globally,” said the SBP.

The central bank issued regulations for payment cards security in 2016 wherein banks are required to develop infrastructure for EMV compliance and issue cards by June 30, 2018.

“The SBP reassures bank customers that complying with its responsibility of ensuring a smooth and safe payment system, it will take every measure in coordination with banks to safeguard the interest of depositors against any fraudulent activity,” it said.