DAWN.COM

Today's Paper | November 23, 2024

Published 15 Mar, 2008 12:00am

NBP suspends inter-bank ATM service after fraud

ISLAMABAD, March 14: The National Bank of Pakistan (NBP) on Friday unilaterally suspended its One-Link service with 14 other banks after finding out that a cyber gang had withdrawn millions of rupees from its different branches through automated-teller machines (ATMs) by cracking the PIN codes and hardware security modules.

Sources told Dawn that the bank had also sought the help of the FIA to determine how the gang had been misusing a couple of “zero-balance” accounts of two employees of another bank, one of them retired, and getting complete command over the ATM system of the NBP.

They said that involvement of some employees of both the banks could not be ruled out as one employee of the NBP headquarters in Karachi, in charge of hardware security of the bank’s online money supply service, had disappeared along with loads of information about private accounts and their ATM PIN codes.

Police have also arrested Amir Abbas, an employee of the Lahore branch of the other bank, one of the 14 banks sharing the ATM service with NBP.

Mr Abbas is being grilled by police while search is on for one Ali Hassan alias Bacha, who is believed to be the chieftain of the gang.

Insiders told Dawn that the bank’s management had detected ‘cyber theft’ of over Rs3 million from its ATMs in Multan and Lahore in recent weeks.

But it was surprised to find similar cases unfolding in its branches operating in the industrial belt of Punjab in Sialkot, Gujranwala and Lahore.

After following the transactions, the bank management found that the same group had withdrawn another over Rs8 million from the NBP’s ATM in Punjab just over the last weekend.

The sources said the hackers had targeted branches of the NBP operating in the industrial areas of Punjab because ATMs of these branches are normally filled to the brim.The NBP management is also busy tracing similar transactions in other parts of the country, perhaps by members of the same gang.

Initial investigations have found that the gang had full command over the entire ATM hardware system of the bank, which means that some employees of the bank’s ATM department had links with the gang and had provided them the data needed to hack the system.

In normal cases, an account holder can withdraw a maximum of Rs20,000 in 24 hours from an NBP ATM. But the hackers had full control even over this function and are believed to have made the machines deliver large sums in one go.

The NBP’s ATM issuance service has already come to a halt for a couple of months, an NBP employee said.

He said the bank had decided not to re-start its One-Link ATM system with all other partner banks without installing a new security system.

The NBP fears massive attacks on its hacked online money supply system across the country forcing it to suspend its One-Link operations for an indefinite period.

The employee said that ironically the NBP had not installed close-circuit cameras to cover its ATMs. Therefore, it is difficult to tell exactly how the gang drew money from the machines.

The NBP authorities are also investigating whether the ATM hacking started when its absconding employee was attending his office or after he had left to be with his accomplices while drawing cash from the machines.

NBP President Ali Reza and some other top officials could not be reached for the official version on the issue.

Read Comments

At least 38 dead in gun attack on passenger vans in KP's Kurram District: police Next Story