Banks must strengthen security systems to counter cyber heists

block

NEWS media reported that transnational scammers in May attacked three Bangladeshi commercial banks’ networks and stole around Tk 25 crore from Dutch Bangla Bank Limited (DBBL) while two other banks — NCC Bank and Prime Bank — claimed they however managed to avert financial losses.
Intelligence agencies said hackers planted malware in the DBBL’s switch (Card Management System) around three months ago and made a perfect replica of it, which the bank could not detect. When hackers went for transactions last month, the proxy or the shadow switch gave instructions to release funds, keeping the bank completely in the dark. Hackers made off with around $3 million between May 1 and 3 from cash machines in Cyprus, Russia and Ukraine. Hackers used credit cards and Personal Identification Numbers (PINs) of the DBBL to steal the money.
The DBBL came to know about the fraud when Visa — a global payment solution provider — asked it to settle payments for transactions made by the bank’s “clients” in Cyprus. Initially, the DBBL refused to pay as its server didn’t show any of the transactions. Then Visa came up with “solid proof”, and the bank was compelled to pay. Around a couple of weeks later, the DBBL’s nine ATMs have fallen prey to an international hacker group that stole around Tk 16 lakh on May 31. Law enforcers later arrested six Ukrainians in connection with the theft. After the hacking attempt, the bank suspended payments through the automated cheque processing system for a few days.
Out of 58 banks in the country, only three — Eastern Bank Limited, City Bank and Mutual Trust Bank Limited — have got certification for complying with the Payment Card Industry Data Security Standard. What’s clear is that other banks are not making enough investments to strengthen their IT Security and Human Resources, and this is one of the key reasons for vulnerabilities in their cyber security systems. It’s also surprising that many banks went for automation without sufficient IT infrastructure. We must say, without strengthening IT security system it would impossible for the banks to operate smooth financial transactions in the coming days.

block