Regulator rings cyber-heist alarm for banks
BB orders 17-point security shield around banking system
FE REPORT | Saturday, 2 November 2024
Sounding the alarm over growing cyber-attacks in the banking system, with a major one still fresh in mind, the central bank instructs commercial lenders to put up 17-point anti-heist guardrails.
Sources say the Bangladesh Bank (BB), in a circular issued by its information and communication technology department, has said that instances of illegal transactions using dual-currency cards on the Facebook Ads Manager have been found in some of the banks, after analysing and observing regular security-intelligence information from Bangladesh Cyber Security Intelligence (BCSI).
It cautions that the tendency of cyber-attacks in the banking system keeps rising "alarmingly". As a matter of fact, the general customers of the banks have been affected severely.
To avert a recurrence of such digital theft on the money markets, the regulator orders the banks and financial institutions to adopt the 17-point security measures immediately.
They have been advised to notify the central bank immediately in case of any potential data breach or ransomware attack.
"Send information about detailed account of any related incidents, including the scope, affected data and any steps taken to address the issue," the circular reads.
The BB asks the banks to use enhanced security methods such as biometric authentication and mandatory CVV verification for each transaction. They are also to use a one-time password (OTP) alongside 2FA/MFA for any financial transaction.
The banks and FIs are being instructed to limit the number of attempts in which a card number can fail verification before being blocked or blacklisted. Using an AI (artificial intelligence)-driven advanced fraud-detection system to counter possible attempts at cyber-heist is also advised.
The commercial lenders have been asked to regularly monitor transaction patterns for irregularities that could indicate a BIN (Bank Identification Number) attack, such as an unexpectedly high number of denied transactions.
Reviewing and reinforcing cyber-security measures, including firewalls, intrusion-detection systems, intrusion-prevention systems and access control, is also among the must-dos to prevent hacking.
"Ensure they (the security system) are up-to-date and capable of withstanding evolving cyber-threats," says the alert note.
Conduct regular security-awareness training for the employees concerned to educate them on identifying and mitigating potential cyber-security threats, it spells out.
An orchestrated cyber-heist into Bangladesh's reserves with the US Federal Reserve stands out as the biggest such digital burglary in the world.