Bank Islami

Bank Islami Pakistan Limited, headquartered in Pakistan, experienced a significant cybersecurity incident on October 27, 2018. The breach involved unauthorized international transactions processed through its payment card system, with fraudulent activity originating from outside Pakistan. The bank's security team detected this abnormal activity and promptly responded by disabling access to international payment networks to contain the incident. This immediate action was taken to prevent further unauthorized transactions on customer cards. The fraudulent transactions reportedly occurred at automated teller machines and point-of-sale terminals in multiple countries, including the United States and Brazil. Unverified reports from the time suggested that the compromise of customer card data may have contributed to the attack, though this was not officially confirmed by the bank. The scope of the incident was substantial enough to draw the attention of Pakistan's central banking regulator, which publicly confirmed the fraudulent overseas card usage.

Following the breach, Bank Islami took steps to reimburse its affected customers, covering approximately 2.6 million Pakistani rupees, equivalent to about $19,500 at the time, in verified losses. The institution publicly disputed claims from international payment processors that the total theft amounted to $6 million, arguing that the figure was inaccurate because its systems were disconnected before that level of loss could occur. The regulatory response included the implementation of temporary restrictions on international transactions for domestically issued cards, a measure intended to protect the broader banking sector from similar exploits. This incident highlighted vulnerabilities in cross-border payment card security and prompted a review of transaction monitoring protocols. The event remains a notable case in Pakistan's financial cybersecurity history, illustrating the challenges of securing card systems against international fraud rings and the complex interplay between issuing banks, international processors, and regulators in attributing and resolving such breaches. The bank's handling of the incident, including its dispute over the loss magnitude, underscored the operational and reputational risks associated with payment card compromises.