Local card transactions must go thru' national payment switch: BB
The central bank yesterday issued a notice that mandated domestic card transactions with its national payment switch, which is yet to be EMV-compliant and remains vulnerable to fraud.
EMV, which stands for Europay, MasterCard and Visa, is a global standard for cards that uses computer chips to authenticate and secure chip-card transactions.
The notice said all point-of-sales (POS) terminals have to be connected with the NPS and transactions must go through it.
The Bangladesh Bank has also issued a number of regulations, including making all card-based transactions PIN-based by this year.
All banks have to be certified by the Payment Card Industry-Data Security Standard (PCI-DSS), a global standard, by next year and all cards have to be chip and PIN-based by June next year, according to the notice.
The move aims to crack down on rising card fraud and discourage cash transactions in the country.
Bankers welcomed the decision, but they said making the NPS EMV-compliant is very urgent to avoid fraud.
"There will be risks unless the NPS becomes EMV-compliant," said Abul Kashem Md Shirin, managing director of Dutch-Bangla Bank, which runs around 3,000 automated teller machines and over 8,000 POS terminals across the country.
Shirin also said there should be a contingency plan so that if anything serious happens with the NPS, card transactions remain active.
Some other bankers said security continues to be an issue, as the NPS can only process data from the magnetic stripe and not from secure chips.
As a result, the acquirer bank is always exposed to loss and fraud, and if there are frauds they are not going to be compensated.
In February last year, when fraudulent cash transactions were detected at several ATM booths, some banks switched off the NPS line as they thought the fraudsters exploited the weakness of the NPS.
Another group of bankers, however, said there is nothing wrong with the central bank's NPS platform; rather, the banks should take measures to protect their customers' PINs.
Of the 57 banks operating in the country, 52 are connected with the NPS, according to the BB.
Only a few banks have made their cards chip-based, with the majority still running with magnetic stripped-cards, which are highly vulnerable to fraud.
Of all the banks, only two are PCI-DSS certified and four are awaiting the certification, which is a proprietary information security standard for organisations that handle branded cards from major card schemes like Visa, MasterCard, American Express, Discover, and JCB.
The BB has also asked all banks to make their ATMs EMV-equipped and install anti-skimming devices by the end of the year.
Comments