No password sharing in banks to prevent heist


Siddique Islam | Published: March 18, 2016 00:00:00 | Updated: February 01, 2018 00:00:00



Most commercial banks are building cyber-security bulwarks to prevent cyber heists, with measures that include a total ban on sharing passwords. Any password sharing will be treated as a "termination offence", bankers said.
The passwords of officials in sensitive roles, who are in charge of treasury 'Back' and 'Front' offices and payment systems like RTGS, will be changed frequently to guard against digital fraud and forgery in the banking sector, they added.
The country's commercial banks have beefed up their cyber-security systems after the theft of more than $100 million from Bangladesh Bank's account with the Federal Reserve Bank of New York early last month.
"We're taking various measures to bolster our cyber-security system," Syed Mahbubur Rahman, managing director and chief executive officer of Dhaka Bank Ltd, told the FE.
Mr. Rahman also said: "It's a continuous process. So the cyber-security system will have to be kept updated regularly to avoid any digital fraud and forgery in future."
Officials concerned have been advised to make cross-border transactions more carefully to avert such incidents, according to the bankers.
Wise after the event, the IT (information technology), treasury, and international trade-processing centre along with top management of the banks are now reviewing their cyber-security system regularly.
Bankers concerned have been directed to ensure three-tier security when sending payment advice over the SWIFT network.
These security levels are message maker, message checker and message authenticator.
SWIFT (the Society for Worldwide Interbank Financial Telecommunication) provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardised and reliable environment.
The officials responsible for foreign-exchange transactions have been asked to reconcile NOSTRO accounts with overseas banks regularly, the bankers said.
In the wake of the digital burglary at Bangladesh Bank, the BB earlier asked the commercial banks to follow all kinds of cyber-security measures to protect the huge amounts of foreign exchange deposited in their overseas NOSTRO accounts.
"We've been asked not to download any unknown e-mail to avoid installation of any malicious virus software that may pose a serious threat to the overall IT system," a senior official of a leading private commercial bank (PCB) told the FE Thursday.
He also said the personal computer (PC) that is used only for the SWIFT network has already been disconnected from the internet at the banks to minimise any cyber-risk.
Besides, internet connections were recently removed from the PCs that run core banking software (CBS) to minimise external cyber-risk, said another private banker, who works in the IT department of a leading PCB.
The banker also said separate PCs with internet connections have already been set up for general work.
"We're now using VPN (virtual private network) to ensure security of data transformation," he explained.
Most of the banks are also following a gap analysis to assess their cyber-security system in relation to global standards, according to the bankers.
Gap analysis is a method of assessing the differences in performance between a business' information systems or software applications to determine whether business requirements are being met and, if not, what steps should be taken to ensure they are met successfully.
"We're now serious to avert any possible event of such crime like digital theft hitting the central bank of Bangladesh in future through ensuring our cyber-security system," another private banker observed.
The cyber robbery took place on the night of February 4, sending a total of 35 transfer orders into the US Federal Reserve Bank in New York where the BB maintains an account.
Nearly $20 million of it was recovered from Sri Lanka. The lion's share of the booty landed in the Philippines, and that is reported to have been squandered through gaming in casinos, among other matters of misdealing.
siddique.islam@gmail.com
