InfoSecBulletin Cybersecurity for mankind
An organised racket has reportedly siphoned off lakhs from Standard Chartered Bangladesh’s (SCB) credit card holders, raising serious cybersecurity concerns. According to a Bangladesh Bank source, a total of Tk27 lakh was siphoned from the credit cards of 54 customers of Standard Chartered Bangladesh during the last week of August.
Unauthorised transactions of Tk50,000 per card occurred, and were later transferred via mobile financial service (MFS) platforms. Victims alleged that the funds were debited within seconds of receiving one-time passwords (OTPs) on their phones, even though they never shared it with anyone or accessed any suspicious websites.
Microsoft to Build the “World’s Most Powerful AI Data Center”
Fraudsters swipe Tk 27 lakh from SCB cardholders
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
First-ever AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Code
Gmail Data exposes via ChatGPT Deep Research Agent dubbed “ShadowLeak Zero-Click” Flaw
Cyber attack disrupts several European airports: check-in and boarding systems affected
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
What does SCB say?
After this incident, Standard Chartered temporarily suspended all transfers from its credit cards to MFS accounts.
Lutful Habib, managing director and head of wealth and retail banking at Standard Chartered Bangladesh, said, “We are aware of the incidents. So far, 54 customers have officially filed complaints. We have already informed the Bangladesh Bank and law enforcement. I personally met with the police commissioner, and an investigation is now underway.”
He further mentioned that the fraudulent transactions were made through the “Add Money” feature found on MFS platforms, so the option was disabled for all Standard Chartered credit cards.
Blame game between banks, MFS
One of the victims, Hasin Haidar, posted on his Facebook, saying, “Tk 50,000 was suddenly withdrawn from my Standard Chartered Visa card and transferred to a bKash account. Although I received an OTP, I didn’t share it with anyone. Still, the transaction happened within 20 seconds.
“The bank is saying that since the OTP was used, the responsibility lies with the customer. I believe this is a serious security issue on the bank’s part.”
Another victim, Sadia Sharmin Brishti, said that despite using her credit card for over seven years, this was the first time she had experienced such fraud.
After these allegations surfaced, Standard Chartered Bangladesh reviewed its security systems with its local and global tech teams.
According to bank officials, no errors were found in their systems.
They claim the fraud occurred through the “Add Money” feature in MFS apps, suggesting that the security loophole may lie with MFS providers.
However, sources at Bangladesh Bank said that the stolen money was withdrawn within minutes of being transferred to MFS accounts, and the associated phone numbers were deactivated shortly thereafter.
This indicates that a well-organized and technically skilled racket is involved, they said.
Therefore, questions have been raised not only about the bank’s security but also about the technical safeguards of MFS platforms.
#Dhakastream
