Cyber Incident Victim: Standard Chartered Bank
Date:
Feb 2015
Location:
Pakistan
Summary
Hackers compromised Standard Chartered Bank ATMs in Pakistan through a skimming attack, enabling unauthorized cash withdrawals from customer accounts and transfers of funds to England. The breach triggered transaction alerts for some customers, while others discovered blocked debit cards during declined ATM attempts. Attackers accessed debit card records to facilitate the theft and subsequently blocked affected cards, requiring reissuance. The bank acknowledged the incident, assured reimbursement of stolen funds under insurance coverage, and stated most customers had already received repayments, though some faced delays. A spokesperson described such skimming attempts as increasingly common in Pakistan's banking sector, highlighting systemic security challenges. The incident undermined customer trust and raised concerns about the institution's security measures despite its global presence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In February 2015, Standard Chartered Bank’s operations in Pakistan experienced a cybersecurity incident involving unauthorized ATM withdrawals from customer accounts. Customers began receiving unsolicited transaction alerts via SMS and email notifying them of cash withdrawals totaling Rs. 50,000 (approximately $500), despite having initiated no such transactions. Some affected customers discovered the compromise only when their debit cards were abruptly blocked or when ATM transactions were declined. Forensic analysis indicated that substantial funds were rapidly transferred from Pakistan to England within seconds, though the exact number of impacted accounts remained unconfirmed at the time of reporting. The bank initially attributed the incident to a breach of its online systems and assured customers of reimbursement, though processing delays left many awaiting resolution. Customers escalated complaints through multiple channels—contacting call centers, visiting branches, and engaging fraud department personnel—with inconsistent responses, including one case where a branch manager cited "criminal activity" as the cause without further elaboration.
The attack was subsequently identified as an ATM skimming operation involving physical compromise of bank terminals. Hackers installed disguised card readers that captured debit card numbers and PINs, enabling the creation of counterfeit cards to facilitate fraudulent international transfers. Standard Chartered Pakistan spokesperson Farhan Ahmed confirmed this method in an official statement, acknowledging recurring skimming attempts within Pakistan’s banking sector and emphasizing that customer funds were insured. The bank initiated card-blocking measures and mandated reissuance of compromised debit cards while processing reimbursements, claiming most affected customers had already recovered their losses. However, the incident exposed systemic security vulnerabilities, particularly the absence of advanced protective measures at ATMs despite the bank’s international presence. This breach eroded customer trust in digital banking services and inflicted reputational damage across Standard Chartered’s operational regions, with public criticism focusing on the institution’s failure to preempt known skimming threats prevalent in local banking infrastructure.