The hacking of a Bangladeshi Bank last February where about $81 million was transferred by fraudsters hacking into the SWIFT Inter Bank money transfer system is a grim reminder of the weaknesses in our Banking eco system.
The article explains the suspected modus operandi used by hackers to book 35 fraudulent transfers amounting to nearly US$ 1Billion from the Central Bank of Bangladesh to Federal Bank of New York. By by some grace of God only 4 of these transactions were carried through and the loss was limited to $81 million. The principle cause could be the compromise of the access credentials of one of the Bank employees with a malware. What compounded the problem was the delays in cross verification arising out of holidays first in Bangladesh and then in New York exposing the Bank to the huge loss. Finally what prevented 30 transactions to be held up by the New York Bank was that one of the e-mail addresses contained the word “Jupiter” which was a black listed name of an Iranian Oil Vessel subject to certain sanctions. One transaction failed due to a spelling mistake.
Now a clear 4 months later a similar attack seems to have been repeated on one of the Indian Banks in Mumbai which again by a stroke of luck did not go through.
This time the US Bank was a little more alert to identify an unusual transaction and the Indian Bank was saved. At this point of time it is not clear which was the Bank involved except that it was a public sector Bank with headquarters in Mumbai. The Economic Times report indicates that the Stock Exchange has not been informed of the attempted fraud which should be considered as a violation of the SEBI norms.
The CERT IN guidelines require that the information regarding such security breaches need to be reported to them and even the latest RBI guidelines mandate reporting of such incidents. However Banks continue to hide the incidents and keep their investors in the dark until one day such frauds blow up on their faces.
One thing however is clear from these incidents that the security systems within the Banks has several short comings and if even the SWIFT transactions are unsafe, one can wonder how safe are the RTGS transactions.
Just like the Banks, customers also should pray for luck to be on their side to protect their funds from fraudsters!