Thursday, September 23, 2004

Internet Fraud at AKD Trade

According to this scoop: "Last July some employees at AKD Trade, an Internet trading arm of brokerage house AKD Securities, from the information technology, settlements and trading divisions colluded to conduct unauthorized trade. This resulted in a loss of Rs 29 million of which Rs 9 million has been recovered. Brokers estimate the losses on those trades to amount to Rs 100 million to Rs 150 million.
The Securities & Exchange Commission of Pakistan (SECP) has asked AKD Trade to submit a report to the apex regulator about this recent incident at the firm."

7 comments:

Anonymous said...

I am not at all surprised. This society is rushing into the digital information age like a herd of wild buffaloes.

When my bank started offering statements sent via email last year, I asked them whether the emails would be secured or not because hacking emails was like Introduction to Hacking 101 and I didn't want my bank statements being delivered electronically unsecure. They had absolutely no idea what I was talking about and evaded any further discussion on the subject. And I have also noticed that online stores here that collect credit cards for payments don't bother to secure their pages and are clueless on how to secure customer information properly.

I can recall at least a few incidents over the past few years of credit card data theft from banks, and some very reputable ones at that. So is it a wonder that online stock exchange trading hasn't been left behind in the race?
- Merlinx

Salman Siddiqui said...

It's shocking and yet not too surprising to learn that Merl- but I wonder why aren't the people in the IT departments of these banks pointing out the flaws and security threats to their managers. And why aren't the managers listening? I mean does a company have to suffer losses first, as huge as AKD Trade did, to take action?

Anonymous said...

Well this is my personal opinion but I think there are a variety of reasons why this is so. For one, I feel that banks and all financial institutions in Pakistan have a delegative rather than collaborative working environment. The people who are at the top, the decision makers, basically delegate down the ranks what needs to happen and there is not much of a culture of having creative debates with the top brass on such strategic issues. The environment is somewhat autocratic at least, and very high in some institutions. I haven't seen many financial institutions here where they brainstorm on such subjects and collect the best course of action to take. Because IT is a supporting service in financial institutions, it is usually taking orders from the higher ups and is seldom included in decision making processes or planning, maybe with the exception of foreign banks. At times operations teams and depts. implement higher-ups' decisions or State Bank's directives in an ad hoc fashion. These organizations are so big that things aren't always streamlined and corporate-cultural issues only make things worse in some cases. Try dealing with customer service depts. of many banks and you'll get a first-hand flavor.

Secondly, I have often seen some very low-grade IT "professionals" find their way into financial institutions. Every now and then you will find some person with a really 3rd-grade IT background commandeering an IT dept. at some bank or branch, who basically does little more than vendor coordination, outsourcing and fixing forgotten user passwords or replacing PCs. You can well imagine what will happen if such a person is called upon to make high-end strategic decisions.

Also, even if you have capable people in the ranks, a handful of such incompetent people are enough to bungle up things. And banks' manpower is simply too great to keep an eye on everyone and there are no HR quality management processes in place. Remember what happened to Barings Bank in the 1990s? One person managed to wipe out a multi-billion dollar bank because of poor risk management in one night literally.

In a way this is a cultural rather than technical issue. In the case of the bank I quoted in my earlier email, for one the front-line staff was not even conversant with the terms let alone knowledgeable about the service that the bank was offering. When the bank decided to introduce the service, they should have also trained the customer service staff to be able to respond to such obvious questions rather than avoid the discussion. Managers and decision-makers are often keen to get their services up and running and worry about such bungle ups later.

The same thing applies to these online stores. The people with the money understand that customers should be able to use credit cards to make purchases. But then they don't have people in their IT teams to implement the strategies properly. Or they are too cheap to spend on good IT people who get these things done properly. The philosophy in at least some cases is to get the cheapest person to do the job...probably some inexperienced programmer who knows web page coding and design but nothing about the norms and procedures of establishing an online storefront properly. He'll make a page to allow payments with credit cards without securing the page.

We're getting there by trial and error basically. Organizations like AKD will learn but after being burnt or watching other peers get burnt and then learn from their mistakes. Not the most effective way of doing things.
- Merlinx

Salman Siddiqui said...

Interesting analysis.

Anonymous said...

I'm wondering what to call this; to the best of my knowledge it is INTERERNAL not Internet fraud.
One advice for spider and zunaira, please don't get into something you don't know.
Read the story "ELECTRIC DREAMS"; it was a 2 page COVER STORY full of jargons with casual or no research.

regards.

Zunaira said...

FYI: The two pager is a comment that looks at ecommerce developments in Pakistan to date. I compliment myself on leaving jargon out at the risk of sounding simple. The coverstory spans 6 pages.

As for your 'dont get into...', please do not visit this blog or read Spider if you find yourself taxed with the amount of info in print/online.

Anonymous said...

Dear Anon: It doesn't matter if it's "INTERERNAL" or Internet based fraud, it all falls under the umbrella of contemporary EDP fraud. Irrespective of whether it happened to someone's credit card in a bank or with an online stock trading account, the security issues are more or less the same because it's the same domain we're dealing with.

Also, there's no need to get all exasperated and squirt spitball criticism from a pea-shooter at anyone. Everyone's entitled to his or her opinion whether anyone else agrees or not, whether they are laypersons, professionals or journalists writing in a magazine. Dig?
-Merlinx