InfoSecBulletin Cybersecurity for mankind
An organised racket has reportedly siphoned off lakhs from Standard Chartered Bangladesh’s (SCB) credit card holders, raising serious cybersecurity concerns. According to a Bangladesh Bank source, a total of Tk27 lakh was siphoned from the credit cards of 54 customers of Standard Chartered Bangladesh during the last week of August.
Unauthorised transactions of Tk50,000 per card occurred, and were later transferred via mobile financial service (MFS) platforms. Victims alleged that the funds were debited within seconds of receiving one-time passwords (OTPs) on their phones, even though they never shared it with anyone or accessed any suspicious websites.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
What does SCB say?
After this incident, Standard Chartered temporarily suspended all transfers from its credit cards to MFS accounts.
Lutful Habib, managing director and head of wealth and retail banking at Standard Chartered Bangladesh, said, “We are aware of the incidents. So far, 54 customers have officially filed complaints. We have already informed the Bangladesh Bank and law enforcement. I personally met with the police commissioner, and an investigation is now underway.”
He further mentioned that the fraudulent transactions were made through the “Add Money” feature found on MFS platforms, so the option was disabled for all Standard Chartered credit cards.
Blame game between banks, MFS
One of the victims, Hasin Haidar, posted on his Facebook, saying, “Tk 50,000 was suddenly withdrawn from my Standard Chartered Visa card and transferred to a bKash account. Although I received an OTP, I didn’t share it with anyone. Still, the transaction happened within 20 seconds.
“The bank is saying that since the OTP was used, the responsibility lies with the customer. I believe this is a serious security issue on the bank’s part.”
Another victim, Sadia Sharmin Brishti, said that despite using her credit card for over seven years, this was the first time she had experienced such fraud.
After these allegations surfaced, Standard Chartered Bangladesh reviewed its security systems with its local and global tech teams.
According to bank officials, no errors were found in their systems.
They claim the fraud occurred through the “Add Money” feature in MFS apps, suggesting that the security loophole may lie with MFS providers.
However, sources at Bangladesh Bank said that the stolen money was withdrawn within minutes of being transferred to MFS accounts, and the associated phone numbers were deactivated shortly thereafter.
This indicates that a well-organized and technically skilled racket is involved, they said.
Therefore, questions have been raised not only about the bank’s security but also about the technical safeguards of MFS platforms.
#Dhakastream
