Cyber ​​intelligence detects illegal dual-currency credit card transactions

Bangladesh Cyber ​​Security Intelligence Service (BCSI) has recently detected some illegal transactions made through dual currency credit cards without the knowledge of the cardholders.

The state agency has found that cybercriminals active on various social media platforms are harassing cardholders of various banks by illegally using data used in social media ad management platforms.

The intelligence unit detected the issues at a time when cardholders from various banks have said they are victims of such unauthorized transactions.

Nabil Rahaman, a credit card holder of Standard Chartered Bangladesh, shared his experience in one such case with this correspondent.

On August 23 this year, he was notified of six unauthorized transactions on his StanChart credit card made on Facebook.

“After checking my credit card transaction history, I found out that 3 of the 6 transactions were charged to my credit card,” Rahaman said.

“I immediately called the SCB helpline and asked the bank to block my credit card and issue a new one.”

Rahaman said some of his friends have also experienced similar transactions made with dual-currency credit cards.

He said one of his friends was charged on LinkedIn even though he didn’t even subscribe to the employment-focused social media platform’s premium services.

Sinan Arefin, a United Commercial Bank card user, told this correspondent that he too fell victim to such a transaction with his dual currency card in September this year.

To combat such cyber-attacks, banks have been asked to immediately notify the central bank in the event of a potential data breach.

The chances of banks being hit by cyber attacks are increasing significantly and malware attacks every day, Bangladesh Bank said in a statement on October 31 outlining 17 cyber security measures for banks.

The banking watchdog suggested banks use enhanced security methods, “one-time password” for each transaction, two or more factor authentication for any financial transaction and determine how many times a card number can fail verification before it is blocked.

In addition, banks should use artificial intelligence and machine learning where possible to detect unusual trends in bank identification number (BIN) attacks and regularly review transaction patterns for potential irregularities a BIN attack, BB said.

“We are aware that recently some transactions have been carried out by fraudsters with scant customer credit card details on a social media platform,” Standard Chartered Bangladesh CEO Naser Ezaz Bijoy said in a written response to questions The Daily Star on this. in September this year.

The transactions were conducted on a platform that did not comply with the industry standard EMV/3DS security protocol, he said.

“Our internal investigation showed no evidence of any cyber attack on Standard Chartered Bank’s credit card database,” he said.

Naser said his bank took immediate steps to secure the credit cards of customers facing such cyber attacks.

“We have blocked credit cards to ensure that no more fraudulent transactions can be made. Replacement cards were issued free of charge and sent to customers. We are refunding the disputed amount to the affected credit card accounts so that customers do not suffer financial loss”.

The bank also said that it has a dedicated fraud risk monitoring team that remains active around the clock, monitors card transactions and takes immediate corrective action if any fraudulent transaction is identified.

On behalf of UCB CEO and Managing Director Mohammad Mamdudur Rashid, the bank’s communication department said it would speak to the media after discussing the matter with the concerned department.