Sie sind auf Seite 1von 8

Cyber-crime Scenario in Banking Sector

of Bangladesh: An Overview

Sultana Sharmeen Karim


Lecturer, Department of Finance
Bangladesh University of Business and Technology (BUBT)
sharmeen_karim@yahoo.com

Abstract
Cyber and technology related crime is gradually increasing in Bangladesh. The
advancement of e-banking technology has made banking transactions very
convenient. But the misuse of information technology has brought
undesirable consequences in the form of diverse cybercrimes. This paper
focuses on developing a conceptual framework regarding the problem of
cyber-crime in the banking sector of Bangladesh by assessing the cyber-crime
scenario. One of the most important aspect in the Bangladesh banking sector
is to make banking transactions free from cyber-crime. The purpose of this
study is to represents the concept of the basic crimes occurred in banks and
financial sector- namely Automated Teller Machine (ATM) frauds, E-Money
Laundering etc. The study found that by applying the updated technology and
appointing skilled manpower and devices cyber-crime can be reduced from
the banking transactions.

Keywords: Banking sector, Cyber-crime, Internet, ATM, E-money Laundering.

12 THE COST AND MANAGEMENT


ISSN 1817-5090,VOLUME-44, NUMBER-2, MARCH-APRIL 2016
1. Introduction In the banking sector, Illegal money transfer and
removal from one to another account are identified
In the present global scenario, information as banking fraud according to Wall (2001). He has
technology is the most critical and disputable also classified cyber-crimes into four broad categories
term. It is the most intense innovation which is i.e. cyber-deceptions, cyber-violence, cyber-trespass,&
quick and precise in all areas. Expanded use of cyber-pornography. The banking frauds are classified
Information & Communication Technology, like under cyber-deception which is termed as an
computers, mobile phones, Internet, and other immoral activities including credit card fraud stealing,
related developments are responsible for not and intellectual property violations (Anderson &
only creative activities but destructive activities Barton, 2012).
also. The destructive activities are considered as
cyber-crime, which includes credit card fraud, ATM frauds, E-money Laundering and Credit Card
spamming, e-money laundering, ATM fraud, Frauds are the most witnessed cybercrimes in the
Phishing, Identity theft, Denial of Service in the banking sector. In general, all the frauds are executed
banking sector. with the goal of accessing user's bank account,
stealing funds and transferring it to some other bank
account. In some cases the cyber criminals uses the
2. Problem Statement: banking identifications i.e. passwords, e-PIN,
The dependency of individual as well as certificates, etc. to access client's accounts; whereas
institutions on internet is raising the cyber-crime in other cases they may want to steal and transfer
as a growing concern. The increased use of ICT money the funds into another accounts illegally. The
is boosting the hazard of cyber-attacks across intention of cybercriminals sometimes is just to harm
the globe. Since the incidents of cyber-crimes are the image of the banking firm and therefore, they
on the rise, it is essential to explore the cyber block the bank servers blocking the access of clients'
crime scenario. Although, with the initiation of accounts (Claessens et al., 2002; & Hutchinson et al,
technologies, the banking sector has been able to 2003).
reach more customers however, it has also The defense system of banking sector contains a lot
increased the risk for customers who often feel of exposures, so there is always a need for
hesitant and insecure in opting for such services. investigation for increasing awareness about the
The objective of the study is to provide a procedures that can be undertaken to contest cyber
conceptual overview about the cyber-crimes in related crimes in the banking sector. (McCullagh,
the field of finance and banking sector of 2005 & Florncio, 2011).
Bangladesh. This paper is an attempt in this
direction to better understand the electronic Moore.et al (2009) focused on the subject of online
crimes in the banking sector of Bangladesh and crime which generally occur from the annoyance
to take some precautionary measures. came from sloppy hackers. They found that substantial
developments are possible in the way dealing with
online fraud and to study the online crime it is
3. Methodology: suggested that to understand its economic
The study is descriptive in nature. This study is perspective. It also revealed the problems that banks
conducted on the basis of secondary data. The and police forces face in governing the traditional law
secondary data are collected from the journals enforcement.
and research papers. Newspaper articles and the Nsouli. M and Schaechter. A(2002), states that online
internet sources are also used. But the data has banking crime which is committed with the use of
been interpreted in the light of the objectives online technology to steal money illicitlyfrom a bank
mentioned earlier. account or means of shifting money. Cyber- banking
crime can be considered as another method of
identity theft which is regularly made imaginable via
4. Review of Literature: Cyber- methods such as Phishing.
crime in Banking Sector
Liao.Z and Cheung.H,(2008) revealed in their study
According to Douglas and Loader (2000), that customer interaction with the internet assisted
Cybercrime can be defined as computer online banking are the ease of use, security
facilitated activities accompanied through global convenience, and also responsiveness to services
electric networks either illegally or illicitly by requirements. They also suggested, for preventing
definite entities. cyber-banking crime: protecting antivirus & firewall,

13 THE COST AND MANAGEMENT


ISSN 1817-5090,VOLUME-44, NUMBER-2, MARCH-APRIL 2016
restricting the amount of personal information one defamatory information
permit to be in public domain, making use of low Although, Internet and web technologies are
limit distinct credit card for online buying to growing at a fast pace and are providing new
minimize the possible loss of things go wrong. opportunities, they are also consisting of certain
threats like, email espionage, credit card fraud,
spams, software piracy, etc.
5. Cyber-crime - An Overview
Computers, Internet and other electronic medium
are the tools that make possible the instant
6. Cyber-crime scenario
exchange and distribution of data, images, and
throughout the world
materials. The fraudulent activities of IT are termed The Global Economic Crime Survey 2016,
as cyber-crime, e-crime, hi-tech crime, or electronic indicates that cybercrime is the one of the
crime. These practices involve the use of computer economic crimes that has increased, jumping
or internet as a medium, source, instrument, target, from 4th place to 2nd place globally, which is a
or place of a crime. sharp rise. Among the survey participants
worldwide, reputational harm was viewed as the
Computer and Internet plays a key role in various
most damaging effect of a cyber breach -
activities, such as, recording financial transactions,
followed closely by legal, investment, or
routing telephone calls, measuring power usage,
enforcement costs. A popular and effective
monitoring medical treatments, etc. However, they
strategy for targeting banks is to direct email
also contribute to electronic crime, such as:
phishing to clients. Mobile and online banking
Cyber Stalking: Cyber Stalking means following has opened new doors for cybercriminals. To
every moves of an individual over internet. It counter these attacks, banks have established
can be done with the help of many protocols procedures to rapidly respond to any attacks
available such as e- mail, chat rooms, user net and have also started the process of educating
groups etc. customers on security. Consequently, criminals
Phishing: It is a technique of pulling out have reacted by creating more sophisticated
confidential information from the bank/financial programs intended to breach online bank
institutional account holders by deceptive accounts, and by subverting the servers and
means. programs to aid their phishing activities; a
method known as infrastructure hijacking.
Hacking: Hacking is a simple term which means
illegal intrusion into a computer system As indicated by the FBI, the most recent pattern
without the permission of owner/user by cybercriminals is to pick up employee
username/password by utilizing spam and
Denial of Services: This is an act by the criminal, phishing messages, key loggers, remotely
who floods the bandwidth of the victim's accessible trojans. Such attacks were found in
network or fill his e-mail box with spam mail September 2012, when the Bank of America and
depriving him of the services he is entitled to Wells Fargo were among those struck.
access or provide, or when internet server is
flooded with continuous bogus requests so as In the course of the most recent couple of
to denying legitimate users to use the server or years, cyber economic crime has developed to a
to crash the server. point where it can be classified into the
following two categories:
E-mail Spoofing: A spoofed email is one in which
e-mail header is forged so that mail appears to 1. Cyber fraud. Money related cyber-crime,
originate from one source but actually has been like, identity and credit card theft causing
sent from another source. huge losses. In spite of their prominence,
Spamming: Spamming means sending multiple they hardly cause any danger to
copies of unsolicited mails or mass e-mails organizations.
such as chain letters. 2. Transfer-of-wealth/IP attacks. The more
Cyber Defamation: This occurs when serious economic crime confronting
defamation takes place with the help of businesses is that of internal cyber risk:
computers and or the internet. e.g. if someone the stealing of Intellectual Property -
publishes defamatory matter about someone trade secrets, R & D information,
on a website or sends e-mails containing company strategies, etc. The damage

14 THE COST AND MANAGEMENT


ISSN 1817-5090,VOLUME-44, NUMBER-2, MARCH-APRIL 2016
could lead to loss of billions of dollars and control over the record, skimming, or if the card
destroy a company or even a large is stolen. The expression "Internet fraud" usually
economic system. These attacks are usually refers to any type of fraud scheme consisting of
not being anticipated by a company and are various components of the Internet, like chat
difficult to detect. rooms, email, forums, or websites - to execute
fraudulent transactions or distribute to other
associated with the plan. Banking criminals are
7. Cyber-crime in Banking Sector- utilizing different electronic medium, for example,
Concepts web, email, and encoded messages for their
fraudulent activities.
According to Jaleshgari (1999), Banking sector
throughout the world was simple and reliable till
mid-1990s,; however since the initiation of 8. Cyber-crimes in Banking Sector:
technology, the banking sector experienced a
paradigm shift in the phenomenon. In order to
Across the globe
enhance their customer base banks introduced However, in the last few years, banks all acros the
many platforms through which transactions could globe have perceived cyber-crime as among their top
be done effortlessly (Vrancianu and Popa, 2010). five risks (Stafford, 2013). Some of the major incidents
These technologies enabled the customer to access of cyber-crime in past few years are as follows:
their bank finances 24/ 7 and year around through,
ATMs and Online banking procedures.Information Stealing of personal information of almost
Technology (IT) has become a vital part of the 2.9 million credit card customers of
banking system. Just like banking is the backbone of Barclays and Santander Banks UK in 2013
the economy, IT has become the backbone of the Missing $ 450,000 from bank account of a
banking system. It is nearly impossible for banks to Pennsylvania school district in 2008
provide new financial products without relying Transfer of approximate $3 million from
heavily on IT. The banking sector is coming up with bank account of a New York school
various progressive changes to transform the district in 2009.Some transfers were
"brick-and-mortar" bank branches to an advanced recovered but $500,000 was withdrawn
framework of "core banking solutions". from the account before the transaction
could be reversed.
The present contemporary age has replaced
Over 400 corporate account takeovers in
conventional financial instruments from a paper
2011, which cyber criminals initiated
based currency to "plastic money" in the form of
through unauthorized ACH and wire
credit cards, debit cards, etc. This has brought about
transfers from the bank accounts of U.S.
the vast use of ATM everywhere throughout the
businesses. These cases involve the
world. The use of ATM is convenient but has a
attempted theft of over $255 million and
negative side, which is manifested in the form of
have resulted in the actual loss of
"ATM frauds". Credit card fraud has gotten to be
approximately $85 million.
conventional on the internet which affects card
Creation of fake debit cards and
holders as well as online sellers.
withdrawal of more than $9 million from
Frauds automated teller machines (ATMs)
involving E-money
electronic fund Laundering worldwide by breaching the U.S. payment
transfer (EFT)
processor's computer systems and stealing
Credit card Telecommunication personal data in November 2009.
fraud fraud
(Source: FBI Data)
Phone
Banking
ATM facility
Fraudulent
use of (ATM)
Credit, Debit and
Smart cards Frauds related to 9. Cyber-crime scenario in banking
E-commerce and
cards and
accounts
Internet banking
Mobile Banking
SWIFT Network
EDI
sector of Bangladesh:
INFINET Network
In the last few years, the baking sector was the
victim of several security breaches:
Figure: Technology & related crimes

On January 06, 2013, Islami Bank


Charge card fraud can be conducted by assuming Bangladesh site was hacked by Human
Mind Cracker.

15 THE COST AND MANAGEMENT


ISSN 1817-5090,VOLUME-44, NUMBER-2, MARCH-APRIL 2016
In 2015, bank accounts of a private bank The disappointing aspect of this occurrence from
were hacked and money was withdrawn the Bangladesh Bank was that, while giving
from them. necessary advice to all concerned, they had
On December 2, 2015, Hackers breached forgotten to heed their own suggestions and
the network security of Sonali Bank and neglected to take satisfactory safety measure of
took control of its website for a couple of their own institution and its relationship with
hours. The programmer distinguished himself other associated financial partners abroad, which
as a 'Muslim Hacker'. lead to the largest e-money laundering in the
In February, 2016, skimming attacks in six banking sector of Bangladesh.
ATM booths of three commercial banks.
And the largest e-money laundering in the 8.2 Case Study 2: Bangladesh Bank
history of banking occurred in February Heist
2016, when hackers stole $101 million from
the Bangladesh bank's account with the In February 2016, the stealing of $101 million
Federal Reserve Bank of New York. from the reserves of the Bangladesh Bank has
raised question on the exposure of financial
Evidence of hacking in commercial banks institutions to cyber-crime groups. This incident
demonstrates corruption in the government's have challenged the ability of existing mechanisms
procurement framework where unqualified vendors in preventing such incidents. Besides, this theft
were selected without proper evaluation of skills signified the need for strengthening the
and consultation of IT experts. international co-operation in tackling cyber-crime.

8.1Case Study 1: ATM card skimming The hackers retrieved the central bank's transfer
codes and sent payment transfer requests worth $1
The initial shock came after the revelation and billion to the Federal Reserve Bank of New York.
complaints recorded because of abuse of ATM They requested the funds of Bangladesh be
machines fitting in with some banks and withdrawal transferred to a bank in the Philippines. From there,
from various private accounts of a lot of cash the cash was transferred to at least three Philipino
without approval of the record holders.14 persons casinos: At the casinos, someone converted the
were arrested by the police on 4 March, 2016. It cash into chips for betting and then reconverted
included 12 foreign nationals who were individuals the chips into cash. This money was then sent to
from worldwide cyber-crime fraud-gang. They had bank accounts in Hong Kong. An additional fund of
deceitfully utilized online networking media about US$ 21 million was also transferred illegally
furthermore hacked information of individual to a third party in Sri Lanka.
clients.
The attempt could not be fulfilled in totality
Skimming is a procedure utilized by digital following a typing error that alerted one of the
lawbreakers to duplicate individual information routing banks and transaction was stopped. . Instead
from the magnetic strip on an ATM card. The of "foundation" the hackers had spelt it as
criminal fits a skimming device in the card slot of "fandation". This prompted a routing Bank-
ATM booth. Once a card is swiped through a Deutsche Bank to seek clarification from the
skimmer, individual data contained on the magnetic Bangladesh Bank, which stopped the transaction.
strip is perused and put away on the gadget or Spelling mistake prevented the illegal shifting of
transmitted remotely to the criminals. money. But the hackers were successful in siphoning
$81 million in the initial four transactions.
Copying Stealing The theft of such a large amount from national
client's the PIN Freak
Setting up information on
another chip on a
numbers with the
installed cameras when
transactions reserves astonished many in Bangladesh and
skimming device and using ATMs
tiny cameras blank card when a card
is swiped on the
people entered their
PIN numbers on
hundreds of
thousands of taka
abroad. Doubts are being expressed about the
magnetic strip entry pad
country's readiness to protect its financial
infrastructure, which is undergoing digitization.
Figure: Assumed incidents of Card skimming at six ATM booth
Different investigations are being carried by
With the card information, they can lead value- various enquiry commissions like FBI,Bangladesh
based misrepresentation, make new cards with the Banks appointed committee & CID officials of
stolen character and individual data, or offer the Bangladesh.Bangladesh investigators have
cardholder information on the underground identified at least 20 foreign nationals who they
market. claimed were involved in the cyber heist till date.

16 THE COST AND MANAGEMENT


ISSN 1817-5090,VOLUME-44, NUMBER-2, MARCH-APRIL 2016
10. Is it an Alarming issues for
banking sector?
Recurrence of such incidents will affect the
economy. Protecting financial sectors from future
cyber-crimes is of greatest concern at this
moment. Given the rising occurrences of cyber-
crimes in Bangladesh, there is critical requirement
for redesigning the nation's monetary groundwork
offering administrations over the electronic
network.

Installing Learning Gaining


malware in the the processeing remote control Exploitation of Stealing BB's
BB's computer of money,sent and of the bank's "zero-day" flaw as credentials for
systems and observeing received by Software computer through they were unknown to the SWIFT
transaction process includeing spying Remote Access transaction parties messaging system
from its US programs that Trojan (RAT) as well.
account

Figure1: Assumed incidents what the hackers did to steal the reserve

35 instructions for
SWIFT transfer payment

5 instructions 30 instructions
Federal Reserve Bank
implememted was blocked

Transfer of $81 mil by 4 Transfer of $20 mil by 1


Intermediary Bank instructions through instruction through Pan
RCBC Bank,Phillipines Asia Banking Corp.

Bluemary Bluemary Eastern Highway Srilangkan


Destination
Resorts Casino Resorts Casino Laisure Casino NGO

$20 mil
Total Amount of Stolen Money $29 mil $31 mil $21 mil recovered

Figure2: How Bangladesh Bank's reserve was stolen

The government has also formulated a cyber 11. Ensuring Cyber Security
security law. Despite that, there are uncertainties
over preventing the culprits of such violations may Governance:
be difficult unless it gets assistance from This incidents persuaded the Bangladesh Bank
international community. The global cooperation recommending to all Banks and financial
can be focused on areas like international safety institutions to ensure cyber-security
standard, training and information sharing. An governance i.e.:
international Cyberpol can be established more in
the line of the Interpol. Unfortunately, it appears Taking measures for ascertaining existing
that the regulatory regime regarding control of technical gap assessment and
cybercrime or server management (in the case of vulnerability through a comprehensive
e-commerce) is weak in Bangladesh. For this, easily cyber security risk study.
exploitable laws, cyber-criminals use developing Treating cyber security as a collective
countries like Bangladesh in order to evade responsibility by all financial institutions.
detection and prosecution from law enforcement. Installing Anti-skimming devices to the
Laws against cyber-crime in our country is weak ATM booths.
or sometimes nonexistent. Use of EMV (Europay, Mastercard & Visa)
Standard card to avoid skimming.

17 THE COST AND MANAGEMENT


ISSN 1817-5090,VOLUME-44, NUMBER-2, MARCH-APRIL 2016
Such measures were recommended by the 12. Conclusion
Bangladesh Bank because such cyber-attacks were
seen as being capable of causing financial loss and The present conceptual framework has
creating a reputational risk. They should also provided a brief overview of ongoing
emphasize on: efforts to prevent and control technology
and computer related crime, highlighting
Provide IT related training for skill
development general trends and development within
Monitoring over the IT related issues and outside the banking sector of
Testing hazard incident Bangladesh.The banking industry is
Mandatory adoption of IT related
constantly experiencing cyber-crimes like
precaution to avoid such incidents. ATM fraud, E-money laundering, Credit
Creating customer awareness
card fraud, Phishing etc. Since there was
A model can be followed for cyber risk no noteworthy incidents of cyber-crime
identification and mitigation. Any organization as took place in the banking sector of
well as banks can follow this model:
Bangladesh before 2016, there was no

Executive Level Audit & Risk Legal IT

understanding and Be aware of the changing


Institute sound threat landscape and
cybersecurity strategy coverage of technology
risks attack vectors
Track the evolving cyber-
regulatory environment Test incident response
Ensure quality Conduct up-front due
plans
information is received diligence to eliminate 3rd
and assimilated party risk
cyber-attack simulations,
gamification of security
Implement user security Addressing risks
awareness programs associated with Training and awareness
operational systems Monitor decisions made
sessions and security
by regulators in response
data analytics
to cyber incidents
Support strategy-based Address basic IT audit Implement effective
spending on security issues monitoring processes

Figure 3: Cyber threats & mitigations (Source: Global Economic Crime Survey 2016)

18 THE COST AND MANAGEMENT


ISSN 1817-5090,VOLUME-44, NUMBER-2, MARCH-APRIL 2016
urge for such protective measures against Florncio, D., &Herley, C. (2010). Phishing and
those crimes. But now it is high time for the money mules. In Information Forensics and
Security WIFS, IEEE International Workshop on
banks to concentrate on cyber risk pp. 1-5. IEEE
management and mitigation. So, new
Federal Bureau of Investigation, Statement before
technologies and services must be adopted the House Financial Services Committee,
to cope with the situation as well as Subcommittee on Financial Institutions and
competition and security governance must Consumer Credit Washington, D.C. September
be complied with. Technological and legal 14, 2011
advancement in the area of banking sector Global economic crime survey,2016,
is necessary to overcome the cyber-threats "How cyber-criminals targeted almost $1 bn in
in banking industry. Bangladesh Bank should Bangladesh Bank Heist",available at
https://next.ft.com/content/39ec1e84-ec45-
take necessary steps discussed above to
11e5-bb79-2303682345c8#axzz46NHKzCwH
create awareness among the banks and
their clients as well as making the
Jaleshgari, R. (1999). Document trading online.
application of the laws more rigorous to Information Week, 755:
check crime. As the regulatory authority of 12. Moore.T, Clayton.R&Anderson.R (2009). "The
the banking sector, Bangladesh Bank should Economics of Online Crime" , Journal of
also ensure mandatory compliance of cyber Economic Perspectives, Volume 23, Issue no.3,
Summer 2009, pp.3-20
risk management and cyber security
Maruf,M.A, Islam, R, Ahmed, B(2010),Emerging
governance for the operating banks. There
Cyber Threats in Bangladesh: In Quest of
is also a need to bring changes in the EffectiveLegal Remedies,The Northern
Information Technology (ICT) Act to make University Journal of Law,ISSN 2218-
it more effective to combat cyber-crime. 2578,Volume I (2010)

Perumal, A.S,(2008) Impact of cyber crime on


virtual Banking,SSRN Electronic Journal 10/2008
References: S. M. Nsouli and A. Schaechter, (2002)"Challenges
Anderson, R., Barton, C., Bhme, R.,Clayton, R., van of the e-banking revolution: Finance and
Eeten, M. J. G., Levi, M., Moore, T., & Savage, S. development," International Monetary Fund, vol.
(2012). Measuring the cost of cybercrime. 39, no. 3, pp. 231-254.
Alam, S (2015),Cybercrime and legal fabric of Shewangu D.(2015), Cyber-banking fraud risk
Bangladesh,Bangladesh Law Digest-available at- mitigation- conceptual model,Banks and Bank
http://www.bdlawdigest.org Systems, Volume 10, Issue 2, 2015.
Claessens, J., Dem, V., De Cock, D., Preneel, B.,
&Vandewalle, J. (2002). On the security of today s Siddique,I&Rehman S.(2011), Impact of Electronic
online electronic banking systems. Computers & crime in Indian Banking Sector - An Overview,
Security, 213: 253-265 International Journal of Business Information
Technology, Vol-1 No. 2 September 2011
"Card skimming at six ATM booths from three banks"
available at Vrancianu, M., &Popa, L. A. (2010). Considerations
:http://bdnews24.com/business/2016/02/14/card- Regarding the Security and Protection of E-
skimming-at-six-atm-booths-from-three-banks Banking Services Consumers Interests. The
Amfiteatru Economic Journal,pp- 1228: 388-403
"Cyber-Crime in Bangladesh :A growing threat in
digital market" available at Wall, D. 2001. 1 Cybercrimes and the Internet. Crime
:http://www.risingbd.com/english/cyber-crime-in- and the Internet: 1
b a n g l a d e s h - a - g ro w i n g - t h re a t - i n - d i g i t a l - Z. Liao and M. T. Cheung (2008), "Measuring
marketplace/28940 customer satisfaction in internet banking; A
Douglas, T., & Loader, B. D. (2000). Cybercrime: core framework," Communications of the ACM,
Security and surveillance in the information age: vol. 51, no. 4, pp. 47-51.
Routledge

19 THE COST AND MANAGEMENT


ISSN 1817-5090,VOLUME-44, NUMBER-2, MARCH-APRIL 2016