Financial Crime World

Banking Regulators Introduce Stringent Measures to Enhance Digital Banking Security

April 14, 2023 - 10:00 AM

In a move aimed at strengthening the security of digital banking products and services in Bangladesh, Bangladesh Bank has issued a circular (BPRD Circular No. 04) introducing stringent measures to protect customers from various types of digital fraud.

Instant Alerts Mandatory

To enhance customer awareness and prevent unauthorized transactions, financial institutions (FIs) must send instant free-of-charge alerts on the following occasions:

  • Sign-in from a new device not already registered
  • Password reset
  • Failed login attempts
  • Request for availing lending products

These alerts will be prioritized, and FIs must ensure sufficient capacity and bandwidth to instantly send these notifications.

No Balance Disclosure

FIs are prohibited from disclosing account balance information while sending transaction alerts.

Customer Awareness Campaigns Mandatory

FIs are required to develop a strategy and program to educate customers about digital fraud, including ongoing methods of fraud and preventive guidance. This campaign will be implemented through electronic, print, and digital media.

Comprehensive Investigations and Data Loss Prevention

FIs must conduct comprehensive investigations into digital banking fraud, including end-to-end validation of customer assertions and review of PII access logs. They must also implement Data Loss Prevention controls to prevent data compromise.

Exemptions for Overseas Travelers

On request, FIs may exempt domestic customers traveling overseas or RDA account holders from certain digital channel controls.

Reasonable OTP Validity

FIs must ensure that One-Time Passwords (OTPs) used for authentication are of reasonable length with appropriate validity.

Transaction Insurance and Compensation

FIs must offer transaction insurance to customers at competitive charges, activated upon explicit customer consent. They will also compensate customers for losses due to delays in taking remedial measures.

Liability Framework

The new liability framework outlines the responsibilities of FIs in case of fraudulent transactions or social engineering scams. The originating bank (sender FI) will bear complete liability in most cases, except where the beneficiary bank (receiving FI) fails to mark a lien on the suspected account within the stipulated time.

For more information, please contact:

Bangladesh Bank