AGL 38.00 No Change ▼ 0.00 (0%)
AIRLINK 213.91 Increased By ▲ 3.53 (1.68%)
BOP 9.42 Decreased By ▼ -0.06 (-0.63%)
CNERGY 6.29 Decreased By ▼ -0.19 (-2.93%)
DCL 8.77 Decreased By ▼ -0.19 (-2.12%)
DFML 42.21 Increased By ▲ 3.84 (10.01%)
DGKC 94.12 Decreased By ▼ -2.80 (-2.89%)
FCCL 35.19 Decreased By ▼ -1.21 (-3.32%)
FFBL 88.94 No Change ▼ 0.00 (0%)
FFL 16.39 Increased By ▲ 1.44 (9.63%)
HUBC 126.90 Decreased By ▼ -3.79 (-2.9%)
HUMNL 13.37 Increased By ▲ 0.08 (0.6%)
KEL 5.31 Decreased By ▼ -0.19 (-3.45%)
KOSM 6.94 Increased By ▲ 0.01 (0.14%)
MLCF 42.98 Decreased By ▼ -1.80 (-4.02%)
NBP 58.85 Decreased By ▼ -0.22 (-0.37%)
OGDC 219.42 Decreased By ▼ -10.71 (-4.65%)
PAEL 39.16 Decreased By ▼ -0.13 (-0.33%)
PIBTL 8.18 Decreased By ▼ -0.13 (-1.56%)
PPL 191.66 Decreased By ▼ -8.69 (-4.34%)
PRL 37.92 Decreased By ▼ -0.96 (-2.47%)
PTC 26.34 Decreased By ▼ -0.54 (-2.01%)
SEARL 104.00 Increased By ▲ 0.37 (0.36%)
TELE 8.39 Decreased By ▼ -0.06 (-0.71%)
TOMCL 34.75 Decreased By ▼ -0.50 (-1.42%)
TPLP 12.88 Decreased By ▼ -0.64 (-4.73%)
TREET 25.34 Increased By ▲ 0.33 (1.32%)
TRG 70.45 Increased By ▲ 6.33 (9.87%)
UNITY 33.39 Decreased By ▼ -1.13 (-3.27%)
WTL 1.72 Decreased By ▼ -0.06 (-3.37%)
BR100 11,881 Decreased By -216 (-1.79%)
BR30 36,807 Decreased By -908.3 (-2.41%)
KSE100 110,423 Decreased By -1991.5 (-1.77%)
KSE30 34,778 Decreased By -730.1 (-2.06%)

Events over past six weeks have exposed cyber threats to Pakistan’s digital payments infrastructure. Issued last week, the central bank’s specific guidelines on digital payment security are a belated, but much-needed awakening. A lot more needs to be done. To start with, Pakistani state needs to recognize that organised cyber crimes, especially of the financial kind, pose a direct threat to national security.

In the wake of the recent breach, there is confusion over where the buck stops. The SBP is the banking custodian. But its mandate covers reducing financial risk and ensuring business continuity – not fighting off cyber threats in particular. Globally, central banks like the Federal Reserve and the Bank of England regularly issue guidelines on cyber security and take steps to ensure compliance, but they are not responsible for or expected to reduce cyber thefts in the broader environment.

So who is in charge? It was in 2007 when the Pakistani state decided to fight cyber crimes in an organised manner, through a ‘National Response Centre for Cyber Crimes’ (NR3C). The institution chosen to house NR3C was the Federal Investigation Agency (FIA), which falls under the Ministry of Interior. (Countries such as the US, France and India have housed their cyber-security wings under their Interior/Homeland ministries; the UK, however, opted for a military umbrella in its GCHQ directorate).

But the NR3C may be ill-equipped to fight organised cyber crime, especially of trans-national nature. Its current mandate is really broad – covering cyber crimes (hacking, cyber bullying/stalking, data/identity theft, financial fraud, denial of service attacks, etc.) and providing forensic services (computer/ mobile/video forensics, network forensics and technical training).

And as the name suggests, NR3C is a reactive organisation that mostly “responds” to cyber crimes, often undertaken by individuals and small groups. Even there, a complaint’s journey through “enquiry” to “case” to “prosecution” to “conviction” to “arrest” is terribly slow. A different, “cross-sectional” setup is required to proactively focus on reducing “systemic risk” arising from a spectrum of “organised” cyber crimes.

Until that happens, the banking regulator has, between the lines, made it clear it won’t be made a scapegoat. As differences emerged last month between FIA and SBP over how to reduce banking system’s cyber exposure, the SBP officials reportedly told FIA officials that “the ultimate responsibility for IT security rests with the board of directors and the senior management of the banks/DFIs”.
https://www.dawn.com/news/1445665

For the matter in question, digital payments security, it is the responsibility of the banks to boost their IT capabilities and secure their customers’ deposits and trust. (In the coming days, this column will analyze the likely impact of the SBP’s recent payment security rules on the banking and IT industries). But that alone will not cut it in the absence of an effective cyber-coordination mechanism among the state’s financial, telecoms, judicial and law enforcement authorities.

Copyright Business Recorder, 2018

Comments

Comments are closed.