Two banks in Bangladesh have lost as much as $1.8 million to hackers last month raising concerns over cyber security in the financial sector.
Dutch Bangla Bank Limited (DBBL) lost $1.4 million (around Tk 110 million), while Prime Bank lost $400,000 (around Tk 33.6 million) to in cyber attacks, according Bangladesh Bank officials familiar with the matter.
A third one—NCC Bank Ltd — was also attacked, which, however, managed to avoid financial losses, they said.
These were the biggest cyber attacks after hackers made off with $81 million from Bangladesh Bank’s account with the Federal Reserve Bank in New York in 2016.
“DBBL and Prime Bank authorities informed us (Bangladesh Bank), on May 5, about the heist reportedly originating from Cyprus, Russia, and Ukraine,” said a top central bank official, who asked not to be named.
In the case of DBBL, cyber criminals stole around $1.4 million in the beginning of May from teller machines in those countries using cloned credit cards, and personal identification numbers (PINs) of DBBL clients.
The DBBL came to know about it when Visa, a global payment solution provider, asked it to settle payments for transactions made by the bank’s “clients” in Cyprus.
No comments were available from DBBL Managing Director Abul Kashem Md Shirin despite repeated attempts.
In the similar process, hackers stole around $400,000 from an ATM in Cyprus using Prime Bank's cloned card.
The bank, however, denies it. "We did not face any hacking attempts," said its Managing Director Rahel Ahmed.
An official of NCC Bank, who asked not to be named, confirmed that they have also faced cyber attacks, but avoided any financial loss.
Following the reports filed by DBBL and Prime Bank, the Bangladesh Bank held a meeting on May 5 with the IT chiefs as well as heads of retail banking, and card divisions of the two banks.
Around two weeks later, on Jun 1, as many as nine ATM booths of DBBL in Dhaka were targeted in digital frauds using cloned cards, when around Tk 1.6 million was stolen.
Police later arrested six Ukranian nationals in connection with the incident.
All the private banks, especially those who deal with international credit and debit cards, have been issued notices to keep vigilant regarding foreign nationals, and people with suspicious behaviour while stepping into ATM booths.
The recent incidents have created worries over the country’s banking sector as these types of hacking attempts were much different from the previous incidents of hacking, said Md Mahbubur Rahman Alam, associate professor of Bangladesh Institute of Bank Management (BIBM).
He said: “These kinds of fraudulent activities are very new in our country, but not in other countries. So, all the local banks here must update their systems, as well as anti-virus, and anti-spam software. Banks should also spend more on IT to boost cyber security.”
As the hackers have the ability to hack international credit cards, they can heist money from any ATMs across the world, he added.
According to a recent research by the BIBM, around 50% banks are in risk of cyber attacks threats as they still lack technologies like managed switch, next generation firewalls and email gateways — vital for ensuring network security in banks.