Cyber intelligence detects illegal transactions on dual currency credit cards

The Bangladesh Cyber Security Intelligence (BCSI) has recently detected some illegal transactions made through dual currency credit cards without the knowledge of the cardholders.

The state agency has found that the cybercriminals active on different social media platforms are harassing the cardholders of different banks by illegally using the data used in social media ad management platforms.

The intelligence unit detected the problems at a time when cardholders from various banks reported being victims of such unauthorised transactions.

Nabil Rahaman, a credit cardholder of Standard Chartered Bangladesh, shared his experience of such a case with this correspondent.

On August 23 this year, he was notified about six unauthorised transactions on his StanChart credit card, made on Facebook.

"After checking my credit card transaction history, I found out that 3 out of those 6 transactions have been charged on my credit card," said Rahaman.

"I immediately called the SCB helpline and requested the bank block my credit card and issue a new one."

Rahaman said some of his friends also experienced similar kind of transactions made with dual currency credit cards.

He said one of his friends was charged on LinkedIn although he did not even subscribe to the premium services provided by the employment-focused social media platform.

Sinan Arefin, a card user of United Commercial Bank, said this correspondent that he also fell victim to such transaction on his dual currency card in September this year.

To fight such cyberattacks, banks have been asked to immediately notify the central bank in case of any potential data breach.

The chances for banks being hit by cyberattacks are increasing significantly and malwares are attacking every day, the Bangladesh Bank said in a statement on October 31 where it mentioned 17 cyber security measures for banks.

The banking watchdog suggested banks using enhanced security methods, 'one time password' for each transaction, two- or multi-factor authentication for any financial transaction and determine how many times a card number can fail verification before being blocked.

Moreover, banks should use artificial intelligence and machine learning, if possible, to detect unusual trends in bank identification number (BIN) attacks and regularly examine transaction patterns for irregularities that could indicate a BIN attack, the BB said.

"We are aware that recently, some transactions were made by fraudsters with few clients' credit card details on a social media platform," Naser Ezaz Bijoy, CEO of Standard Chartered Bangladesh, said in a written response to The Daily Star's queries in this regard in September this year.

The transactions were made on a platform that was not compliant with industry standard EMV/3DS security protocol, he said.

"Our internal investigation has shown no evidence of any cyber-attacks on the Standard Chartered Bank credit card database," he said.

Naser said his bank has taken actions immediately to ensure the security of the clients' credit cards who have face such cyberattacks.

"We have blocked the credit cards to ensure that no further fraudulent transactions can be made. Replacement cards have been issued free of cost and sent to clients. We are refunding the disputed amount to the impacted credit card accounts so that clients do not incur any financial loss."

The bank also said it has a dedicated fraud risk surveillance team which remains active round-the-clock, monitors card transactions and takes immediate corrective actions, if any fraud transaction is identified.

On behalf of UCB CEO and Managing Director Mohammad Mamdudur Rashid, the bank's communication department said it will talk to the media after discussing the issue with the department concerned.