Indian Hackers Attack HBL ATMs to Steal Thousands of Rupees

Hackers, allegedly originating from India, managed to hijack some debit cards of Habib Bank Limited through ATM Skimming and were able to steal several hundred thousand rupees, Daily Pakistan reported today.

According to reports, that we have verified independently, at least 18 HBL customers became victim of debit card fraud as money was withdrawn from their accounts without their knowledge.

All these customers were maintaining account with HBL through its Walton Road Lahore branch.

Victims told Daily Pakistan that they received SMS notifications when funds were withdrawn from their account, however, their debit cards were in their possession and they were at their homes.

These customers, when approached their branch to get clarification on the matter, were told,”Your account had been hacked by Indian cyber criminals” and were given claim form to fill to reclaim their funds.

ATM skimming is a type of fraud which occurs when an ATM is compromised by a skimming device, a card reader which can be disguised to look like a part of the machine.

The card reader saves the users’ card number and pin code, which is then replicated into a counterfeit copy for theft.

Walton Road Lahore Branch of HBL communicated the victim account holders that their funds will get reversed in 15 to 20 days.

Quoting the senior operations manager of HBL Walton Road Branch, Daily times said that bank is probing the case from every angle. It said that ATM cards of such hacked accounts have been blocked.

For those who don’t know, ATM skimming is a type of fraud which occurs when an ATM is compromised by a skimming device, a card reader which can be disguised to look like a part of the machine. The card reader saves the users’ card number and pin code, which is then replicated into a counterfeit copy for theft.

A similar debit card hacking incident happened with Standard Chartered Bank customers earlier this year and they lost hundreds of thousands rupees through a similarly functioning scheme.

Banks around the world ensure that their ATM machines are clean and aren’t skimmed. However, it appears that Pakistani banks have failed to safeguard their ATM machines and users and as a result, debit/credit data is stolen from ATM machines installed across the country.

Tech and telecom reporter with over 15 years of experience, he works as founder of ProPakistani.PK

  • how come these skimming devices installed and than hacked by Indians ?? interesting “RAW” Factor is here ?? Just asking !

  • A lot of people still don’t know about these devices. More awareness campaigns are needed.

    Also, I don’t think there was just a skimming device installed as they can’t extract the card’s PIN. A pinhole camera is usually used glued above the keypad which records as the customer enters the PIN. That is why it is best to cover the keypad from above with one hand before entering the PIN.

  • Seems writter doesnot know ATM skimming. ATM skimming is when someone illegally copies your account details from the magnetic strip on your credit or debit card when you use an ATM. 
    Magnetic stripe card is old. Time to go with chip based card. Can’t copy

  • There is huge market available for skimmed cards so if someone gets such data they usually do not take risk by using it on their own, rather they sell it in international markets. This time this data was bought by indians …. STUPID statements and misleading title

  • Ridiculous. How come Indian hackers could do this. The skimming device has to be installed physically at an atm location. For that they need to be in Pakistan. Propakistani need to hire technically sound bloggers

    • I wonder how hbl cards were used to withdraw money overseas? Last time I went to their bank and asked about withdrawing money from abroad they told me their visa card only works on Pakistan and not even on internet.

      • I was also wondering about this. Then I assumed after hacking the stuff, one of those guys must have visited an HBL ATM machine in Pakistan personally, like we all do to draw cash in usual manner. Right? Or not?

  • As already commented u need to have physical access to skim a card. And if i say if which i doubt that india was involved they can locate the atm/pos on which the atm was used. Cz whenevr u use ur atm the atm location is recorded. My hunch is this was done by the branch locally some blacksheeps at their bank did this and hbl is just covering it by blaming it on india.

  • Poorly written article with no knowledge of how ATMs and ATM card work. First of all transaction on ATM requires Pin and that is NOT stored on card.

    In order to compromise a card, you need to clone the Card (this is called skimming) which is done by placing skimming device on a genuine ATMs card reader (the solution is anti skimming devices like Jittering devices). Secondly still Pin is needed. Either via a fake pin pad on top of genuine one or by putting some sort of camera to capture pin.

  • I think banks should introduce ATM Pin Generating devices for their customers. Customers could keep those devices in their pockets or at home. Whenever they want to use their cards, they could insert their ATM card into that device to generate a new Pin code. This could save from ATM skimming.

  • Yesterday i have visited atm to draw Rs 5000 cash before that i have a mini statement its show the number of transaction of total 50,000 POS sale which i have not done. Well I enquire this transaction is the same date and time when i inserted the card in atm. So please guide me what i do i have launched the application and complaint as well so this type is also skimming ? and please guide me weather my money will return. I have a account in faysal bank.

  • For those who are actually in the state of confusion, how the hell device can be installed or stolen from the BANK ATM.

    Here’s how?

    ATM at HBL would be rolling out NFC enable point of sale terminals to the merchant locations where NFC users would be able to execute the transactions

    Fraudie should have 2 cell phones, one should be NFC ON RELAY MODE, another as a reader, using this method a bystander fraudie can read the data intercepted, worst case scenario whether you insert your card CC into the MACHINE OR NOT.

  • close