It was around the middle of this month when the police on mobile duty observed a suspicious activity in Defence Housing Authority (DHA) Karachi. They could see a few men moving from one place to another rather cautiously. It was obvious they were up to mischief.
Getting suspicious, the police approached them, and despite their attempt to run away, caught three of them after some chase. Within moments it was established that they were ATM (automated teller machine) hackers of Chinese origin, who were experts at withdrawing cash from these machines by using forged cards.
The police recovered millions of rupees in cash and sophisticated equipment from them. Soon after, another member of the gang, also a Chinese national, was arrested.
The same day the police in Bahadurabad arrested another Chinese national trying to withdraw cash from an ATM.
The number of such incidents has skyrocketed in recent days. And, in almost every case, Chinese nationals have been involved. This, of course, raises questions about the effects of their influx in the country.
Typically, in ATM cash robbery cases, the fraudsters copy data of users with the help of equipment installed cleverly in the ATM card slot. The copied data is transferred on blank cards with magnetic strips that are then used to withdraw cash from peoples’ accounts. The fraud is uncovered once the account holders receive monthly statements.
Such incidents happening in quick succession have shaken ATM users. They are returning to cash transactions and withdrawal of cash through cheques.
Muhammad Ali, a banker, says the number of cheques cashed by his branch has increased over the last few weeks. “There are others who want to get their ATMs blocked because they fear their data has been stolen already and can be used by fraudsters.”
He adds, “The data of debit/credit cards can be used overseas to carry out transactions without the knowledge of their genuine card holders, and that is why it is important to protect the card information”.
Ali says people give their debit/credit cards to attendants at petrol pumps and restaurants, and do not get them swiped right in front of their eyes. “This is quite risky because they may copy the data using the devices called skimmer and use it later to withdraw cash or carry out transactions.”
He advises the ATM card users to properly examine the booth. “If it is loose or tempered, they must inform the bank staff.” Besides, he says, they must cover the typing pad while entering the PIN code in a way that no hidden camera or a person standing outside the ATM booth can read it.
The good news is that the banks have agreed to refund the amounts robbed because the banks are themselves responsible for it. They assert that had they fully complied with the Payment Card Security (PCS) regulations introduced by the State Bank of Pakistan (SBP) in 2016, the situation would have been much better.
One recommendation for banks in this context is to go for the use of two-factor authentication process. For example, the use of finger or thumb impression in addition to a PIN code can be made compulsory for verification at ATMs.
Though the culprits were caught by the police, they were handed over to the Federal Investigation Agency (FIA) for interrogation and trial in the court. The agency is also responsible for taking pre-emptive measures and bust gangs involved in financial crime however with certain limitations.
Shahid Hassan, Deputy Director FIA Cybercrime Wing, says there are good and bad people among Chinese but generally the Chinese are very tech savvy. “They are good at breaking codes and reading encrypted data. While these skills can be used for constructive purposes, these are also employed for negative purposes.”
Another issue of high concern, he says, is that many devices and softwares have reached Pakistani markets that facilitate electronic crime but “unfortunately fraudsters are protected by their respective trade bodies”.
He thinks this helps unscrupulous elements to carry out their activities without any fear. “There are people who change the International Mobile Equipment Identity (IEMI) numbers of stolen mobiles to sell these in the market. Similarly, Magnetic Strip Reader (MSR) is a device easily available here that fraudsters use to read the data of ATM cards, debit cards and credit cards. It is very important to nab people dealing in such equipment in order to curb this crime.”
The fear about Chinese nationals’ involvement in suspicious activities has put the government on alert. An example of this is that the Sindh government has approached the federal government to register Chinese nationals coming into the province. It has suggested that Chinese must get an NoC from the provincial Home Department in case they want to reside or do business in Sindh.
Noman Mansoor, a senior level professional in a multinational company, believes education of card users is essential to reduce the risks. “I always use the ATM machines installed inside a bank’s premises because I feel they are safe.” Those installed in isolated places with little lighting and no guards is a no-go for him.
He adds, “I always shake the slot for card insertion before entering my card to confirm a skimming device is not placed there”.
He advises the users to get the cards swiped in front of their eyes and not feel shy. The waiters can be asked to bring the machine to your table or you can go to the counter to make payment through the card “and there is no harm in it”, he concludes.