There has been a rise in the frequency of data breaches in the banking industry in Pakistan. There have been recent unsubstantiated claims that Standard Chartered Pakistan is experiencing major security concerns, resulting in clients losing money via debit card transactions they did not make.
Several individuals have shared their experiences on Twitter, and it seems that a significant number of individuals have been affected by this security compromise. Customers have lost an average of between Rs 50,000 and Rs 70,000 as a consequence of several transactions that were conducted without needing an OPT for verification. According to rumors published on social media, the Apple Store Payments and Uber are often used for transactions.
1/n There is a serious security issue at Standard Chartered Pakistan @StanChartMENAP – If you are a Standard Chartered Customer or know a Standard Chartered customer please read this.
In a matter of minutes people have lost 54,000 to 72,000 rupees pic.twitter.com/8R5bM0Vnma
— Habibullah Khan (@Huk06) July 26, 2022
Standard Chartered has neither acknowledged that this is a problem the bank is suffering nor sought to handle it in a transparent way. This issue has supposedly persisted for months. Such a lack of regard for client well-being and privacy is really troubling. If you fall victim to this fraud, your only option is a six-month-long, arduous procedure to get your money back.
Same happened with my friend who lost 1 lac in a single transaction last week, no OTP and info and boom the funds were transferred.
— Salman (@SupreemeLeader) July 27, 2022
This issue should be referred to the regulatory authorities as it requires immediate attention. In recent years, there have been rumors of severe data breaches at other banks in addition to Standard Chartered, which is plagued by insufficient safeguards. Numerous cases exist of fraudsters imitating the UAN number of banks and phoning clients for “verification” reasons.
Happened to me in March. The account almost got emptied out. I got the money back last week. Now using Sadapay's card for online transactions when needed. However I didn't know it was a widespread issue. Thought it was at my end since the card was linked to my phone. pic.twitter.com/WAnjGOHCcb
— Ali Kazmi (@alithekazmi) July 26, 2022
The fact that the fraudsters already hold private information such as the victim’s bank account number, CNIC, and address lends credibility to the scheme.
Clearly, this is a sector-wide problem, and the SBP must evaluate the security processes of commercial banks to determine why their governance structures are so deficient and why data breaches are not being reported to the central bank.
Standard Charted Bank Official Reponses:
For reasons of client confidentiality we cannot share any details. Rest assured, we have robust processes and procedures in place and our systems have not been affected