Digital banking needs more control


Nironjan Roy in the first of a two-part article on ATM fraud | Published: March 06, 2016 00:00:00 | Updated: February 01, 2018 00:00:00


When the same-day clearing system was introduced last year, this scribe had a discussion with some bankers who were highly complacent about this technologically advanced system that made inter-bank transactions faster. Prior to the introduction of the same-day clearing system, cheque clearing used to take three to five days.
In this situation, same-day clearing has brought about a revolutionary change in the use of cheques for settling transactions. During the discussion I raised some control issues related to the potential threat of fraudulent activity but got no satisfactory reply. Since its inception, this advanced technology of same-day clearing has been functioning well without any reported untoward incident, but fraudulent activities have taken place in an area of digital banking: the ATM (Automatic Teller Machine). On February 07-08, 2016, a series of fraudulent withdrawals from ATMs took place for the first time in the country. During the two days, a total of BDT 2.60 million was fraudulently withdrawn from 36 accounts at different ATM booths. Newspapers reported that a skimming device was used to steal customer information and a hidden camera to collect customers' PINs (Personal Identification Numbers) for this alleged fraudulent activity. After every withdrawal, text messages were sent as usual to the cell phones of the respective account holders, who immediately lodged complaints with the concerned bank about the fraudulent withdrawals. Upon receipt of some complaints, the bank conducted an investigation, which revealed fraudulent activities in ATM booths.
This is how the ATM fraud was detected and a possible big scam was averted. The matter is now under investigation and the detective branch of police has already arrested four persons, including one foreigner. We believe that after the investigation the real picture will come out and the persons found guilty will be punished.
ATM IS THE BEGINNING OF COUNTRY'S DIGITAL BANKING: The use of ATMs in our banking business is considered the first successful attempt at transforming the country's traditional banking into digital operation. Use of the teller machine commenced in our country in the early nineties and since then it has been in operation without any mishap. After the successful use of ATMs, our banking industry has moved faster towards digital banking, and new technologies, one after another, have been introduced in the banking business. Among them centralisation, online banking, mobile banking, the automated clearing system, automatic inter-bank transactions, and the same-day clearing system are very remarkable. We feel proud that our banking sector did not lag behind in adopting new technologies, and has rather been very fast and active in embracing technology-based operations. However, no technology in the world has been found foolproof, as some limitation or glitch has always been associated with computer technology.
In order to counter these limitations, many control mechanisms have been developed. Now the question arises whether our bankers and policymakers have been able to ensure adequate control mechanisms in all the information technologies being used in the banking industry. We have to keep in mind that using computer technology in financial transactions without an adequate control mechanism is tantamount to driving a car on the highway without an airbag. This point comes into the discussion because technologies are developed and marketed by companies of the developed world, who are mostly concerned about their own country's security. Our security concerns will have to be raised and mitigated by our bankers and policymakers.
The mobile phone was developed and marketed in the developed countries, where security threats were mitigated in due course before launching the product. As a part of security concern, the user must produce his/her highly confidential identity like SIN (Social Insurance No.) or driver's license to get access to any cell phone service. The same companies have indiscriminately marketed this product in our country without any user ID because this aspect was ignored at the initial stage by our policymakers for the sake of cheap popularity and brisk business. Now our government and law-enforcement agencies are realising the bitter consequences of cell phones without valid registration, i.e., ID. Therefore, before introducing any new technology or device, all risk factors must be addressed properly and appropriate control mechanisms should be in place in order to make the use of the technology safe and secure.
The recent fraud in ATM transactions has stirred the whole banking arena, and the managements of the concerned banks and Bangladesh Bank (BB) have responded promptly. Although this is not the job of Bangladesh Bank, it did not sit idle and instead acted very fast, because we usually - albeit wrongly - hold the central bank responsible if anything goes wrong with banking. So, as the ultimate protector of depositors, BB has moved forward and initiated its own investigation, and issued circulars giving some direction and suggesting measures as well. At the same time, the commercial banks have also come forward with some measures, which include cooperating with the investigators, taking some more precautionary measures and returning money to the affected account holders.
FRAUD IN TECHNOLOGY-BASED BANKING IS EVERYWHERE IN THE WORLD: Hacking and fraudulent activity in online operation is not new at all. No system in the world could be made so secure as to keep the hackers out of reach. Early last year, huge investment scams took place in Hong Kong and China where 29,000 thousand people lost USD 1.20 billion. Two Switzerland-based companies, API Premiere Swiss Trust (API) and Alpen Asset Management Trust, established their representative companies in Hong Kong and China and invited people to use their online investment opportunities. Since Switzerland is known to have a very high standard financial system, these two companies used Switzerland's image to allure investors to invest through an online investment technique. Under this system, interested people used their bank accounts in China and Hong Kong to transfer money to the accounts established with API, from where currency and precious metals like gold were traded. After a while, the investors noticed that their money was disappearing from their accounts with API. They immediately contacted API, which came up with the excuse of hacking. In its explanation, the company stated that its entire database had been hacked, causing huge financial losses, and so urged the affected investors to remain calm and patient and requested some time to restore the system to be able to pay back. After some time, the investors' repeated attempts to contact API were in vain and it was noticed that those two companies had disappeared. In this connection, a legal case has been filed and an investigation involving Switzerland, Singapore, Hong Kong and China is going on.
A couple of years ago, hackers attacked a central customer database of a big American bank and it was reported that valuable customer information of innumerable account holders was stolen. This was a grave concern and a much discussed issue in the North American financial industry. That bank initiated its own investigation and US police also launched a hunt to find the persons involved in this hacking. It is common knowledge that even the world's strongest and best-protected server and system, that of the US Pentagon, cannot be kept out of hackers' reach. Even the reputed system used by CRA (Canada Revenue Agency) was attacked by hackers during the tax season, for which CRA had to keep the system shut down for a day.
There are many more reported incidents of hacking and online fraud across the world. These hacking and fraudulent activities could not stop the use of technology in our day-to-day operations; rather, the use of technology has been intensified and widened further. However, appropriate controls have been established so that associated risks can be mitigated. The potential threat of fraud will come with technology, but can be mitigated by ensuring proper controls are in place. So, emphasis must be given to putting appropriate controls in our digital banking.
CONTROL MECHANISM IN ATM OPERATION: The recent ATM fraud has raised some concerns related to control mechanisms. First of all, we will have to keep in mind that online service, particularly ATM or mobile banking, cannot be considered a substitute for actual banking taking place in the bank premises. This banking machine is used as an incidental service provider to customers for meeting their emergency needs and sudden or unplanned financial expenses. So, if a system developed for meeting urgent needs is used for regular transactions, it will undoubtedly invite danger. Even in the developed world, where the teller machine was invented, the ATM is not used as an alternative to actual banking, although people can deposit cheques and make bill payments in addition to withdrawing money. This machine is used as an assisting tool for the bankers, and people personally appear at the bank premises to carry out their banking business. This machine is only used when an urgent need arises, particularly for conducting small transactions at rush hour or outside banking hours. Mobile banking has not yet become a popular means of financial transaction in the developed world and in this context, our country's financial industry has remained well advanced.
The first control mechanism is the confidential PIN. This PIN has to be very unique in feature. It must have a reasonable validity period, and on expiry it has to be changed; otherwise access with the card will be denied by the machine. If, for any reason, the PIN is entered wrongly twice in succession, the card will be automatically locked by the system, and unlocking it will require a special security screening process. Similarly, measures will have to be in place to use the most technologically advanced card for the banking machine. We are not sure what kind of card is being used in our country. At present, the chip-and-PIN card is used in the developed world because it is believed to contain all security features and is recognised as protective against fraud.
The writer is a banker based in Toronto, Canada.
nironjankumar_roy@yahoo.com
