Tuesday, July 14, 2009

Cyber frauds, depositor’s risks


by Sher Baz Khan

The hacking of the Automated Teller Machine (ATM) system of the National Bank of Pakistan (NBP) believed to have involved withdrawals of over Rs84million from the industrial zones of Punjab alone, has added a new risk to the country’s banking system.

The two ATM cards of another bank with zero balance accounts were misused by a gang of well-organised hackers in Multan, Lahore, Faisalabad and Sialkot to defraud the state-run bank.

Primary investigations indicate the alleged involvement of an employee of the cyber wing of the bank’s headquarters in Karachi who knew about tons of ATM related data and the bank’s online money supply security system. Now he has vanished from the scene. The gang seems to have mastered the whole security modules of the bank’s online money supply service and cracked its codes to the level that they even made the ATM machines respond positively to commands for which the machines are programmed to respond negatively.

More shockingly, the gang withdrew just within hours millions of rupees through these machines which were programmed for not issuing any amount beyond Rs20,000 in a single day.

The Federal Investigation Agency (FIA) suspects that committing such cyber-cum-financial crimes was not easy without involvement of those who served as the administrators of the bank’s One-Link – the NBP’s ATM sharing service with 14 other banks. The agency has also arrested a retired employee of another bank, whose zero-balance account was mis-used. The search is on for the suspected head of the gang, Ali Hassan alias Bacha. The FIA has also warned other banks of similar cyber robberies if they fail to improve their security systems for online money transactions. The news has sent shock waves across the country as bank account holders now feel more vulnerable.. The question arises as to who will be responsible (the bank management or the client?) in case, a client’s cash card is misused.

ATMs are vulnerable because many of them are in isolated locations. Those in safer locations are still vulnerable to surreptitious damage — so even under observation it should be impossible to tell who was sabotaging the ATM equipment..

Now, the questions being asked is: Are the banks capable to win this battle against cyber gangs? The frequency of cyber crimes involving financial institutions and the general public has increased. However only few know about the existing anti-cyber crimes law and where to lodge a complaint in case any such crime was committed. .

It was in December last year that the Prevention of Electronic Crimes Ordinance, 2007 was promulgated. Under the ordinance, the FIA’s National Response Centre for Cyber Crimes (NR3C) is empowered to enforce the law. The NR3C was established in the FIA in March 2003 Till the formation of NR3C, Pakistan mainly relied on the US Central Investigation Agency (CIA) for detecting cyber crime and militant websites.

The NR3C now deals with 14 major categories of cyber crimes including, financial crimes, email treating, denial of service attack and DDOS attack, virus/worm attacks, internet time thefts, unauthorised access, credit card frauds, anti Pakistan/Islam material on websites, ATM frauds, mobile communication, theft of systems, web SMS, pornography and Interpol cases.

Those involved in crimes of stealing codes and misusing online data or hacking can be punished for three to five years imprisonment if found guilty by special tribunals.

Syed Ammar Jafri, head of the NR3C told Dawn that the agency has started an awareness campaign against cyber crimes by organising workshops and seminars on cyber security challenges and solutions. The NR3C provides single point of contact for local and foreign organisations for matters related to cyber crimes It is imparting training and related security education to persons of government/semi-government and private sector organisations.

Mr Jafri however warned that what happened at the NBP could happen at any other bank. The NBP was targeted for the lack of security. He said cyber crime was a reality. In majority of the developing countries, where cyber crimes are on the rise, the clients have been demanding of the banks to bear the burden of money fraudulently withdrawn from its ATMs by mis-using a client’s cash cards.

The business community in Hong Kong has demanded that in cases where the gross negligence of the account holders was not involved, banks must bear the full loss incurred. Otherwise, it may undermine customers’ confidence in the use of ATMs. It is in the interests of banks to prevent ATM frauds and bear the losses where the clients are not responsible for any negligence.

There is also a need to take precautionary measures for giving greater protection to ATMs, particularly those located in less secure areas. It is, of course, for the individual banks, exercising their own judgement, to determine the appropriate precautionary measures needed. The security features of ATMs can be ensured by monitoring these machines continuously after installing closed-circuit television; implementing a mechanism that records relevant information on

ATM cards or credit cards so that banks can determine whether an unauthorised ATM transaction is carried out through a counterfeit card; patrolling ATMs more frequently during and after office hours; encouraging customers to report any suspicious devices detected on ATMs and providing them with the relevant telephone number to do so at the ATMs; and alerting customers if any unusual transaction patterns are noted.

There is a need also for depositors to exercise greater care in protecting their cards and PINs. For handling cases involving customers who may have the bad luck to be victims of ATM frauds, banks must introduce complaint handling procedures. They should have systems in place to ensure that customer complaints are promptly investigated and resolved in a satisfactory manner. While the FIA should be notified as soon as possible, given the suspicion of fraud involved, the internal investigation of the banks should be conducted promptly and the complainants kept informed. (Courtesy PBA)

Monday, July 13, 2009

Larceny case registered against MPA Shumaila


LAHORE: Punjab Chief Minister Shahbaz Sharif directed police authorities to take legal action against MPA Shumaila Rana by registering the larceny case against her for stealing credit cards.

According to Punjab Government spokesman, the CM directed police to expedite investigations against her and take disciplinary action in the light of the investigations.

Earlier, Shahbaz Sharif asked for the details of MPA Shumaila Rana larceny case.

Meantime talking to Geo News, Senior Adviser and PML-N Punjab President Sardar Zulfiqar Ali Khan Khosa said this is a plain case of theft and Shumaila Rana will have to resign like former MNA Haji Pervez.

Khosa said in case the theft is confirmed, then legal action will be taken against her; also, she will have to face disciplinary action from party.

Saturday, July 11, 2009

CPLC to launch new database in Central Jail Karachi


The Citizen Police Liaison Committee (CPLC) has recently introduced a jail up gradation project called Prison Management Information System which will manage the records and history of those imprisoned in local jails, The News has learnt.

CPLC Chief Sharfuddin Memon said that CPLC is planning to upgrade other prisons in Sindh phase-wise, thereby providing law enforcement agencies with a comprehensive record of a suspect or convict, which would help them with investigations.

The Prison Management Information System (PMIS) was initially developed by the CPLC in 2001, under which a jail information system was developed. This was been implemented and computerised to integrate all functions of Sindh jail at all levels. The PMIS software is the latest and state-of-the-art information technology available to help the management, at all levels, including planning, critical analysis, monitoring, decision-making and execution of day-to-day operation.

The requirements of the prison department were reanalysed after the implementation of the PMIS system. Subsequently, the new automated fingerprint identification system (AFIS)-based integrated software was developed with different modules set to perform particular functions, including profile of inmates, prisoner information, prisoner property, prisoner medical information, prisoner enrolment (capturing of fingerprint & image), crime detail, court history, remission system, release diary, search engine, prisoner identification / verification, visitor monitoring – access control system, user privileges, data import export module and dial up module.

Due to the lack of such a system, convicts would often be released earlier than their stipulated term with the help of false names and release orders.

A senior officer, on the condition of anonymity, told The News that the government is interested in adopting newer technologies to help coordinate investigations and share intelligence, thereby addressing long-standing issues of security. There are also suggestions that the scope of this system would soon be broadened to turn it into a country-wide database.

In Sindh, over 3,000 inmates are confined in 21 jails of the province, out of which two-thirds are under trail. Sources said that information about these inmates would not only be computerised, but access to this data would be provided to the judiciary, thereby reducing the number of adjournments granted by judges and magistrates. It is also expected that email links to defence lawyers would expedite advance disclosures and reduce the number of adjournments granted.

Since fingerprints are viewed as the most reliable method of establishing identification, AFIS will be a constituent part of the new system, and access to this would be made available to custody and investigation units where timely identification is critical. The availability of standard-based wide-area network means that all AFISs can be linked together, providing on-line access to all fingerprints stored in the database.

The police officer informed The News that the software would compile the complete record of an inmate, making it difficult for him to be released on a false identity.

The system would also curtail the escapes from courts, as jail police would have complete information of the escapees enabling them to catch the suspects easily.

The system would also help increase court production of prisoners, and maintain a record of the prisoner’s appearances in court. The system would also maintain records of a prisoner’s jail meetings along with their medical history.

The police officer said that often, release orders are issued for inmates after they complete their terms or are even exonerated, but jail staff demand a handsome bribe to release them. If the inmate fails to deliver the amount, then their release is further delayed and the matter turns into one of illegal detention.

Through this system, however, whenever the court issues release orders, the information would come on record and instances of corruption would be reduced. Similarly, a record of items which the inmate was carrying when he was lodged in jail would also be maintained, and these items would be returned to the inmate on his release.

Ebad, Malik and Kamal in Dubai for talks on Local Bodies


The major legislators of MQM including Sindh Governor Dr Ishrat-ul-Ebad Khan and city Nazim Syed Mustafa Kamal have also rushed to Dubai.
Reports are pouring in that Interior Minister Rehman Malik is also present there and they all have gone to attend a wedding ceremony but some vital decisions are to take place there also in a closed door meeting regarding the placement of administrator for Karachi while the local governments have been dissolved.
Other issues to be discussed include funds promised by the President Asif Ali Zardari for the development of Karachi.
Dr Asim Hussain, who was also scheduled to leave for Dubai but could not leave due to his other engagements, said that now it is the prerogative of provincial government to appoint a political administrator or one from the bureaucracy. When asked whether Mustafa Kamal will be retained as administrator Karachi as he is also present in Dubai, he said that it is now in the power of provincial government.

Wednesday, July 8, 2009

POL prices cut on SC order


* Petrol price now Rs 50.58 per litre, HOBC Rs 62.54, kerosene oil Rs 52.89 and light diesel oil Rs 51.46

ISLAMABAD: The government reduced the prices of petroleum products on Tuesday after the Supreme Court temporarily suspended the implementation of the carbon surcharge and directed the Oil and Gas Regulatory Authority (OGRA) earlier in the day to issue a notification.

According to an OGRA notification issued late on Tuesday, the government has withdrawn the carbon tax and reduced POL prices that would come into effect today (Wednesday).

According to the notification, petrol prices have been reduced by Rs 11.55 per litre to Rs 50.58 from 62.13, a reduction of 18.6 percent; HOBC prices by Rs 16.24 per litre to Rs 62.54 from 78.78, a reduction of 20 percent; kerosene oil prices by Rs 6.46 per litre to Rs 52.89 from Rs 59.35, a reduction of 11 percent; and light diesel oil prices by Rs 3.48 per litre to Rs 51.46 from Rs 54.94, a reduction of 6.33 percent.

Earlier on Tuesday, a three-member bench – headed by Chief Justice Iftikhar Chaudhry – said the implementation of the carbon tax would remain suspended until a final decision in the case, and then adjourned proceedings until July 9.

PPP Senator Rukhsana Zubairi and PML-N Secretary General Iqbal Zafar Jhagra had filed separate petitions challenging the increase in petroleum prices.

In its short order, the court said as the government had made no effort to protect the environment through carbon tax, it had no right to charge people for the facility.

The court also summoned the environment secretary at the next hearing for an explanation on whether the ministry had proposed the carbon tax.

Appearing on notice, Attorney General Latif Khosa told the court that the government had to impose the tax in order to overcome the budget deficit.

The chief justice, however, observed that such decisions were not in accordance with good governance.

A judicial commission had earlier presented its interim report on rising oil prices in the country and proposed a “fair and proper cut” in petroleum prices.