With an aim to help local banks to mitigate the foreseen risk of security threats more efficiently and make electronic transactions more secure in Pakistan, the State Bank of Pakistan (SBP) is reportedly all set to issue regulators for “internet banking” with-in few weeks, said a speaker at ninth InfoSec 2014 conference.
The conference was organised by Total Communications with the support of ISACA, Karachi Chapter.
“We hope things (security level and e-banking penetration) will improve after the introduction of SBP Regulations on Internet Banking,” said Athar Ahmed, Chief Information Security Officer at United Bank Limited.
He was speaking at a panel discussion on “Mobile: A Fertile Space for Financial Crime.” The draft on the regulations suggests SBP wanted to minimise the risk of security breach by hackers, who usually did frauds during electronic transactions, he said.
He said the central bank was working upon the regulations for the last eight to 12 months. The bank has revised the draft multiple times on the feedback from the stakeholders.
“The Pakistan Banking Council and banks are among stakeholders,” he said. Responding to a question on sidelines of the event, Ahmed replied those would be the first of its kind regulations on the internet banking. Earlier, SBP has introduced IT Security Regulations.
Iftikhar Arif at Muller & Phipps said customers’ satisfaction regarding making their data available to none remained one of the biggest challenges in e-banking in Pakistan.
“Banks have taken several measures regarding this, but customers are yet to trust,” he said. He suggested users should not create passwords in the names of their siblings, and their date of births. Instead, they should create a complex password which should be a combination of alphabets, numeric, and special symbols like the sign of @. “Creating a simple password makes the job of hackers easier.”
Hussein Hassanali, Chief Information Security Officer at Bank AL Habib Limited, said some 70 percent financial transactions were made through conventional banking channels in Pakistan – including account holders visiting banks. And rest of 30 percent such transactions were made through electronic channels. “The e-channels include use of ATMs machines, internet, and mobile phones,” he said.
In developed markets, he said, banks disbursed loans through e-channels, and accountholders payoff the borrowing through the same channels. And in Pakistan, very small number of banks and people were doing so. Most of the people here are using e-channels to draw money from ATMs and paying utility bills only. “The growth rate of e-banking in Pakistan is 10-20 percent per annum,” said Hassanali.
Faiz Shuja of Rewterz, Imran Daudi of Habib Bank Limited (HBL) and Mahir Mohsin of Trillium stressed to ensure that account holders are using thoroughly tested mobile apps and software – especially those developed by the third-party developers.
They said many times the third-party software developers lack the relevant knowledge. They also stressed upon the need of creating awareness about security threats among end-users, who never read about security features about the apps and software they are using. “In any of the cases, the security threats cannot be minimised to zero level,” said Daudi of HBL