Recent reports of massive scale hacking of thousands of private citizens’ sensitive financial data from several Pakistani banks have led to widespread alarm among general public. Situation was exacerbated by the claims made by Federal Investigation Agency (FIA) that ‘almost all’ the banks were hit in the cyber attack and lack of any meaningful action by State Bank of Pakistan (SBP), the sole financial regulatory body. As it turns out that the investigation report by a local cyber security firm grossly over reported the scale of security breach and irresponsible statement by FIA’s cyber crime head further fanned the public concerns. It is very much likely as pointed out by several financial security analysts that a few ATM machines or on-counter payment systems were compromised, and hackers got access to only a few hundred users’ details. Former interior minister Senator Rehman Malik seized the opportunity to demand a report from the State Bank on the matter, further fueling the news cycle on the issue.
Cyber security in the financial system is an important matter, no doubt, and much more work is needed to ensure that the proper safeguards are in place going forward, given the growing role that technology is going to play for payments and settlements in the future. Unfortunately, Pakistan does not have even a basic regulatory framework in this regard. The only relevant piece of legislation in this regard is a draft Personal Data Protection Bill, 2018, that does not seem likely to be passed anytime soon. There is no reversing the growing role of digital architectures in the financial system of the country; strengthening digital security goes hand in hand with this phenomenon. Online banking system is only going to grow with time and government regulations should be accordingly updated regularly. This becomes even more urgent considering that Pakistan is already under international scrutiny for its lax financial regulations.