Many Bangladeshi bank cardholders are falling prey to the stealing of their cards’ credentials amid outrageous cyber-attacks on the banking system, sources say.
Such skimming has gone to such a pass that the state-run Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT) terms the situation “too alarming and sensitive”.
In its recent report on the cyber-attacks the team said credentials of about 46.03 per cent of classic cardholders were found stolen.
On the other hand, around 89.54 per cent are in the category of VISA cards in which user credentials are leaked on the dark web, it says.
The agency states that cybercriminals the number of whom has risen alarmingly have been making forays to steal the card-user’s credentials and rob them.
Besides, credentials of about 8.36 per cent of Mastercard holders also were found leaked during the cyber-counteroffensive.
Bangladesh has recently been experiencing the increased number of cyber-attacks at different commercial and service-providing outlets despite adopting various precautionary means and measures.
The number of cyber-related incidents is also escalating as the country gained a substantial improvement, especially on socioeconomic front in the era of digitisation.
The country has yet to measure its financial losses caused by cybercrimes-the most outrageous being the theft of its reserves from the US Fed by an international cybercrime gang.
With this phenomenon in view, experts have sought regulators’ due role, strengthening banks’ ecosystem and removing sheer carelessness and negligence of most card-users.
Besides, the report also suggests conducting effective end-user awareness training to mitigate cyber-threats focused on customer-data breaches like stealing credentials.
The government formed the BGD e-Gov CIRT under the Bangladesh Computer Council (BCC) just after the cyber-heist of the central bank’s reserves to combat any such fatal intrusion further.
Talking to the FE, Tarique M Barkatullah, BCC director (data centre), says this report aims to strengthen security awareness, detection, and mitigation for banking organisations and that in no way is meant to degrade or defame any particular organisation.
“Although it might be caused by the negligence of individual subscribers, the relevant banking authorities should be aware of which card credentials are available on the dark web and take the necessary precautions and spread awareness,” he adds.
Terming cyber-attacks commonplace nowadays, Jamuna Bank’s ICT head Syeed Zahid Hossain told the FE that the cardholders must be cautious while using their cards as in most of the cases card forgery occurred due to their carelessness and negligence.
Admitting that cardholders’ information piracy is seen in a rising trend in his banks, too, he suggests that all the customers should use verified and certified sites by different certified companies like Verisign while receiving their services that would help reduce such card fraud.
However, such forgery may be committed even in cahoots with bank officials sometimes who are related to the card division, he opined.
His bank took legal action against those responsible for such fraudulent activities in different times, he mentioned.
Dr Md Mahbubul Alam Joarder, Professor at the Institute of Information Technology, the University of Dhaka, says stakeholders related to the ecosystem of banks should take more responsibility and remain cautious to end such frequent card forgeries.
“The relevant banks must deal with the matter seriously, keeping the interests of their clients protected by handling it with the latest systems and solutions,” he suggests.
Also, the regulators concerned need to be “vigilant and play their appropriate roles to stem the crimes”.
In 2021, at least 147 public-private organisations, including banks and non-bank financial institutions, came under attack, showing their utter vulnerabilities, according to the CIRT.
It disclosed that the incidents increased to 870 in 2018 from 683 in 2017. The figure was 379 in 2016.
Of the attacks, vulnerability accounts for 63.2 per cent, intrusions or hackings 5.7 per cent, malicious code 22.5 per cent and abusive content 4.5 per cent.
The rest comprise fraudulence, intrusion attempts, service requests and information security.