Pakistan needs better security and detection systems to prevent online frauds, experts say

LAHORE: Pakistan's banking sector is facing a serious challenge from online fraudsters, who have targeted even the most senior and financially savvy officials in the industry, experts and industry officials said.

Banker scammed online despite security

A senior Pakistani banker had his credit card hacked and used for a $995 purchase on AliExpress, despite having disabled the e-commerce and cross-border transaction facilities on his card, highlighting the vulnerability of the country’s banking sector to online frauds and scams.

Banker Muhammad Tayyab said he was surprised to find out that someone from the United States had made a payment from his credit card, issued by one of the top five banks in the country, to the online shopping platform for a shipment bound to Russia in November.

“I have complete financial awareness and I always keep my credit card disabled for these facilities to avoid any such incident. But somehow the hackers managed to bypass the security features and made the transaction,” he told The News.

Tayyab had immediately reported the issue to his bank and requested a chargeback, but is still contesting the case of fraud with the bank despite the fact the case was accepted by the fraud investigation department.

He had also filed a complaint with the banking ombudsman, but had not received any response yet.

"I am facing a huge hassle due to the crippled mechanisms and non-cooperative behavior of the bank."

Malfunctioning of temporary database

Muhammad Zohaib Khan, chairman of the Pakistan Software Houses Association (P@SHA), said that such incidents usually took place due to the unawareness of the consumers who did not know how to protect their personal information on various websites.

However, Khan said, in this case there was a possibility of malfunctioning of the temporary database of the bank, which was usually the interface available to the users in the shape of mobile banking apps or internet banking.

“The banks keep their master database protected to avoid the hackers and scammers attacks. The protection mechanisms are also adopted in temporary databases too. But some malfunctioning of the mobile banking apps, which is common in Pakistan, can compromise the consumers data,” he said.

Khan said that in the United States, if an online fraud occurred with a consumer, the bank reverted the transaction amount to the consumer’s account within five minutes and did not wait for the chargeback process, since their banking transactions were insured.

However, it seemed that Pakistani banks claimed that the transactions were insured, but the processes did not support the claims," he said, adding that he had faced a similar issue with a bank in the past.

He stressed the need of creating awareness among the masses about the cyber security of the individuals and entities, and suggested that it should be included at every stage, ranging from the school education to organizational training of the companies and departments.

“So that the consumers are aware of the fast-developing scam procedures and can protect themselves from becoming victims of online frauds and scams.”

Need for smart intelligent fraud detection system

Shahzad Sahid, a fintech expert, said that after chip and pin induction, data was protected on debit and creditcards and cases of frauds on physical involvements almost ended, but scams increased in e-commerce payments.

"In such scams, the majority of users clicked some suspicious link which hacked the passwords and other information of the users and started using it until they got correct information to hack the accounts or make a fraudster payment," Shahid said.

On the other hand, he said, the fraudsters were now smart.

"They also created links and spammed them to the consumers with promotional offers to trap them. Usually, one was trapped due to his greed."

Sahid said the bank’s systems were still not mature enough to take decisions on customers’ risk. Majority of Pakistani banks did not have a smart intelligent fraud detection system and were still using the old-fashioned rules-based fraud system.

“The fraudsters are using AI based tools to milk the consumers. In such a situation, the

banks should improve the security controls and install AI based risk and fraud detection tools in accordance with the modern lines.”

Besides, the banks should evolve revised customer disputes management systems to encourage the digital channels rather than discouraging digital payments.

“The disputes should be resolved seriously on an urgent basis. It is important that the customer dispute management system is very important and strict checks of the central bank are needed.”