BB vows to adapt 3-tier security to fight heist

Bangladesh Bank is implementing a ‘remediation plan’ to build a foolproof security system to prevent any further breaches in its overseas transactions, following the $81 million heist incident in February 2016.

“We’ve started the implementation of the remediation plan after the February heist. The governing board of the Bangladesh Bank approved the plan in May this year,” said a top official at the central bank.

He said that implementing the remediation plan will need at least another 6 months, including installation of a new security mechanism to prevent all kinds of threats from international cyber hackers.

According to official sources, Bangladesh Bank, the Federal Reserve Bank of New York and the SWIFT authorities took some short- and long-term measures immediately after the February incident to check any further fraud.

But the trio had to take up a coordinated plan to make their overseas transaction system a foolproof one, said a top official at the Bangladesh Bank.

“We’re now implementing the plan which needs some procurement of hardware and software. We hope we will be able to complete the implementation of the plan within the next six months,” said a senior official of the central bank who preferred not to be named as the matter is ‘very sensitive’.

Official sources said Bangladesh has long been using the SWIFT (Society for Worldwide Inter-bank Financial Telecommunication, an inter-bank messaging system that allows for large cash transfers between banks) system for its overseas transactions since it provides an exclusive online channel to transfer money.

But in November 2015, Bangladesh Bank launched the ‘Real-Time Gross Settlement (RTGS) system’ with the help of SWIFT to facilitate local businesses’ international transactions on a real-time basis.

“The new system virtually made infiltration easier to get the access to the exclusive SWIFT channel which ultimately brought on the disaster in February last,” the central bank source told UNB.

According to him, RTGS is an open system used by multiple users from the local and international arenas to make their business transactions, while SWIFT is an exclusive online platform used by the central banks of different countries and also by leading international financial institutions to send and receive their transaction-related messages.

The source said that soon after the heist in February, all the parties primarily identified ‘the connectivity between SWIFT and RTGS’ as the main loophole that provided cyber criminals an entry into the system.

The international hackers even broke the firewall which was being used to protect the system, he added.

“So, we instantly suspended the joint operation of SWIFT and RTGS and the connectivity between them. The central bank board endorsed the decision,” he said, adding that this measure was taken in consultation with the two other parties (the SWIFT authority and the Federal Reserve Bank of New York).

Since then, Bangladesh Bank has been operating the SWIFT and RTGS systems separately, and there is no longer any connectivity between them, said the BB top official.

Bangladesh Bank, SWIFT and the US Federal Reserve are now using a three-tier system to make overseas transactions more secure.

In the three-tier system, Bangladesh Bank now sends and receives messages online, then checks them manually and then communicates over telephone to confirm the transaction. In the current system, voice identification is also being used by the parties.

Besides, following the Bangladesh heist incident, the Federal Reserve and SWIFT introduced 24-hour service in their operations, with no stoppage for holidays, said the BB official.

But all of these are short-term measures. Bangladesh Bank has been advised to implement a long-term plan, under which it has floated a number of international bids to procure some hardware and software to make its system more secure. The remediation plan is intended for that purpose.

Contacted, Bangladesh Bank executive director and spokesman Suvankar Saha declined to disclose any details on the measures taken by the central bank to check any further heists.

“A comprehensive plan is being implemented in this regard. But it’s too early to brief on the issue,” he told UNB.