Islamabad: Federal Investigation Agency (FIA) top bosses have hatched a plan to initiate a crackdown with the help of commercial banks against telecom hackers involved in transferring large numbers of customers from different banks into their bogus accounts, the FIA told this scribe.
As incidents of cyber attacks on the country’s banking system grow at an alarming rate, sporadic SMS messages sent to account holders are clearly not enough and do not absolve banks of their responsibility to protect their clients and customers. . .
Hacker gangs are active in the country transferring bank customers using virtual technology to obtain personal identity numbers (PINs). Fraud gangs, anyway, get secret indicators from bank customers after tracing their bank account secrets on phones posing as their bankers, and easily transferring large amounts of money into their accounts. “Hackers operate their system from abroad or operate from remote parts of the country,” an FIA official said when contacted to inquire about the reasons for ignoring the sensitive issue of hacking.
It is evident that so far banks have not been able to ward off attacks by hackers as a result of which people lose millions of rupees. The situation is forcing banks to use technology and harden the firewalls they have in place to prevent hackers from logging into their customers’ bank accounts, said a banking expert interviewed.
Again, it is obvious that the firewalls put in place by banks to prevent hackers from accessing a bank account are not strong enough. In the current system for a customer accessing their bank account electronically, there are not enough security checks.
Banks are required to create a multi-layered security system, at least three-level if not more, whereby anyone trying to access an account must respond to certain system queries and confirmation of each step must be provided. instantly by SMS as well as e-mails to the customer.
Definitive access to the account for any transaction should only be authorized after verification of certain codes communicated by the banks to the customer by SMS on the registered telephone as well as by e-mail provided by the customer to the bank. These codes should include numbers as well as alphabets and even these should be cross-checked at least twice for further authentication. It is clear that asking only the date of birth and the name of the mother is not a sufficient security measure.
Whenever a customer accesses their account electronically, the bank must immediately send an electronic request via SMS along with the registered email to confirm if the customer is genuine and if they are actually trying to access their account. account. Electronic passwords/authentication codes could be generated for each client without which any electronic access to the account should be denied and a warning should be sent to the client.
These electronic passwords/authentication codes must only be used once and must be changed for each transaction. This may seem like a tedious procedure, but can be an effective part of the firewall that banks use to prevent hacker attacks on their systems.
Telecom fraud has continuously caused serious financial losses of billions of rupees to customers for several years.
Organizations including the State Bank of Pakistan, the Cyber Crime Circle (CCC) of the Federal Investigation Agency (FIA) and other departments tasked with combating banking crimes have not could not introduce the mechanism of struggle.
The hackers play with the banking organization’s entire financial telecommunications system by accessing secret account information of account holders and transferring large sums to their banks and even overseas, the FIA said.