SBP moves into action against skimming incidents, assures customers of compensation

KARACHI: Taking notice of the skimming incidents in Karachi, the State Bank of Pakistan (SBP) on Tuesday assured customers that relevant bank of the ATM where their data was compromised would fully compensate them.

During the preceding week, the central bank noted with concern that customers’ information on debit cards of Habib Bank Limited was compromised by hackers through skimming to create its clones and were used to withdraw depositor’s money from various locations within and outside the country, said a release issued by the SBP.

“Since then the SBP has been in contact with HBL management to ascertain the losses, returning of money to the affected customers and precautionary measures to limit the impact of this hacking activity,” it said.

Read More: How dark net is buying and selling Pakistanis’ ATM card data

HBL has taken several immediate actions to determine and limit the impact of such transactions on customers. Specifically, it blocked all identified debit cards that were suspected to be misused and quarantined the Automated Teller Machines (ATM) used in hacking activity, the press release added.

The state bank said 296 customers had confirmed the disputed transactions and the estimated damage assessment done to the concerned bank was Rs10.2 million for their customers. HBL has also managed to start returning the money to depositors to the extent of their losses.

Meanwhile efforts are underway to determine losses to any other bank’s customers using HBL ATMs and take remedial measures, it said.

ATM skimming — an illegal activity in which account details are stolen from the magnetic strip contained on the back of the debit card has been around for a while and such incidents have happened, sporadically, in Pakistan as well.

To safeguard the depositors from fraudulent transactions, SBP has issued specific regulations for the security of payment cards and internet banking, under which banks are required to develop and implement comprehensive framework for risk assessment, implementation of controls and monitoring.

Read More: Insufficient cash, closures reported at ATMs in Karachi

It would be pertinent to mention here that debit cards with a magnetic strip on its back – that stores customer’s account details are particularly vulnerable to skimming and cloning. Debit cards, complying with EMV (Europay Mastercard Visa) standards, featuring a chip and offering two factor authentication are now considered most effective countermeasure for card cloning through skimming globally.

Accordingly, SBP vide its circular PSD 05 of 2016 issued regulations for Payment Cards Security wherein banks are required to develop infrastructure for EMV Compliance and issue cards by June 30, 2018.

SBP reassured bank’s customers that complying with its responsibility of ensuring a smooth and safe payment systems it will take every measure in coordination with banks to safeguard the interest of depositors against any fraudulent activity.