BankIslami / Pakistan banking card breach
Fraudulent withdrawals at BankIslami triggered Pakistan's largest banking-sector breach, with details of more than 19,000 payment cards from 22 banks dumped for sale on the Joker's Stash carding forum and cashed out via ATMs and POS terminals abroad.
- Victim: BankIslami Pakistan
- Loss: $6.0M
- Records: 19.0K
- Users: 19.0K
In late October 2018, BankIslami Pakistan detected a wave of fraudulent transactions that unravelled into the largest banking-sector cyber breach in Pakistan's history. While the initial loss at BankIslami was modest, the incident exposed payment-card data from across the national banking system, with stolen cards trafficked on international carding forums.
What happened
On the morning of 27 October 2018, BankIslami detected abnormal transactions of roughly Rs 2.6 million (about US$20,000) on one of its international payment-card schemes. The bank moved quickly, suspending international card operations and issuing a public statement the next day.
But the BankIslami detection was only the visible tip. Within days, security researchers found two data dumps posted to the Joker's Stash dark-web carding marketplace, one on 26 October and a larger one on 31 October, together containing details of more than 19,000 payment cards belonging to customers of 22 Pakistani banks. Habib Bank Limited had the largest share. The stolen cards were priced between roughly US$100 and US$160 each and were cashed out via ATMs and point-of-sale terminals in countries including the United States and Russia.
How it happened
Investigators concluded the cards had not been stolen through a single network intrusion into the banks' core servers. Instead, the data was consistent with card skimming (malicious devices planted on ATMs and POS terminals), supplemented in BankIslami's case by compromise of payment-switch infrastructure. The breadth of banks affected ruled out a single digital server compromise and pointed to a broader cash-out operation against the Pakistani card ecosystem.
Response
BankIslami stated that affected customers would be reimbursed and reissued cards. The State Bank of Pakistan issued advisories requiring continuous security updates, real-time monitoring of card operations, and coordination with payment schemes; in response, around ten banks temporarily suspended international card withdrawals. The Federal Investigation Agency's cybercrime chief told media that "almost all" major Pakistani banks had been affected, and opened more than 100 cases.
Why it matters
The 2018 episode was a turning point for payment-card security in Pakistan. It exposed systemic weaknesses (limited EMV chip enforcement, weak ATM/POS monitoring, and slow fraud detection) across the country's banking sector, and pushed the central bank toward stricter card-security mandates and accelerated migration to chip-and-PIN. It remains the canonical Pakistani example of mass card compromise feeding the global carding underground.
Timeline
A first batch of stolen Pakistani payment-card data appears for sale on the Joker's Stash dark-web carding forum.
BankIslami detects abnormal transactions of about Rs 2.6 million on one of its international payment-card schemes.
BankIslami issues a press release confirming the cyberattack and halts international card transactions.
A second, larger dump appears; researchers tally over 19,000 cards from 22 Pakistani banks, cashed out via ATMs and POS abroad.
The FIA cybercrime chief states that 'almost all' major Pakistani banks were affected; the State Bank of Pakistan issues security directives.
Sources
- dawn.com: https://www.dawn.com/news/1443970
- geo.tv: https://www.geo.tv/latest/217471-cyber-attack-on-pakistani-banks-what-we-know-so-far
- rewterz.com: https://rewterz.com/articles/bankislami-hit-by-cyber-attack-6-million-stolen
- profit.pakistantoday.com.pk: https://profit.pakistantoday.com.pk/2018/10/29/bankislami-becomes-victim-of-6-5-million-cyber-attack/