Meezan Bank Customers Hit by Surge in Cyber Fraud: Experts Urge Caution

KARACHI:

Meezan Bank customers are facing a significant rise in unauthorized transactions, with numerous complaints surfacing on social media about debit and credit cards being charged on various websites without users’ consent. The situation has raised concerns among the public, prompting the bank to issue an urgent advisory.

According to the advisory, customers are advised to avoid using their cards on untrusted websites, refrain from banking on public Wi-Fi networks, and stay alert against phishing attempts. The advisory clarified, "Reports are circulating on social media that people's debit and credit cards are being charged without their consent."

Nouman Younas, co-founder of AwamiWeb, reported an alarming case where unauthorized transactions totaling Rs1.4 million were made using his Meezan Bank debit card. The charges, in Malaysian currency and through Facebook, occurred despite Younas never using his card for online transactions. He has since filed a fraud complaint with the bank.

Reasons Behind the Surge

Cybersecurity expert and startup founder, Dr. Affan A. Syed, explained the two likely causes for the surge in cyber fraud:

1. Data Breaches: Hackers could have accessed sensitive information from an external source.

2. Phishing Scams: Customers may have been tricked into sharing personal details like OTPs, card information, or other credentials.

Scammers frequently exploit personal details—such as phone numbers, email addresses, or ID numbers—which can be sold on the dark web and used to bypass security systems. "Users often unknowingly provide information that hackers use to breach accounts," Dr. Syed warned.

How Scams Unfold

Cybercriminals use various methods to gain access to users’ information:

Honey Traps: Links or offers tailored to users’ interests.

Fake OTP Requests: Tricking users into revealing one-time passwords (OTPs) under false pretenses.

Social Engineering: Manipulating users into sharing sensitive data.

Dr. Syed added that specific banks may become targets if their datasets are compromised or sold on the dark web, though he clarified that without thorough investigation, the exact cause remains speculative.

Meezan Bank's Response

Meezan Bank has categorically denied any breach in its systems, stating, "Rumours regarding a data breach at Meezan Bank are entirely false. The bank is PCI-certified, and all cards are EMV and 3DSecure compliant."

To reassure its customers, the bank emphasized that recent unauthorized transactions involved unsecured e-commerce platforms. These incidents fall under international payment schemes’ chargeback mechanisms, ensuring affected users will be reimbursed.

Precautionary Measures for Customers

The bank has advised customers to take the following steps:

Avoid using cards on untrusted or unfamiliar websites.

Never conduct banking transactions over public Wi-Fi networks.

Be cautious of phishing emails, messages, or calls that request card details or OTPs, even if they seem legitimate.

Immediately report lost or stolen cards to the bank.

Reimbursements and Investigations

Meezan Bank confirmed it is taking all necessary measures to ensure affected customers are compensated promptly. Meanwhile, the incident has reignited concerns about cybersecurity in Pakistan’s banking sector, highlighting the need for robust measures to protect both institutions and consumers.