MFS faces growing risk of fraud

The mobile financial service (MFS) has enhanced our access to goods and services, diversified payment methods, and expanded commercial opportunities, but the sector still faces challenges.

Despite serving as an instrument for financial inclusion, concerns over consumer protection ail the industry. 

A survey conducted by Ashikur Rahman, a senior economist at the Policy Research Institute of Bangladesh, and his team in August-September 2021, reveals a concerning figure: nearly one in 10 MFS users has fallen victim to some form of fraud. 

Users face various security challenges, including compromised PINs, unauthorised transactions, data/e-money theft during SIM swaps, SMS spoofing, fake calls/emails, and breaches in consumer security and privacy. 

The causes of these risks stem from inadequate app security, a lack of digital literacy, ambiguous redress mechanisms, and insufficient data governance and privacy policies.

According to the Cyber and Special Crimes Division of DB (North), 42.35 percent of criminal cases filed in 2023 were against fraudulence through online platforms. 

Social engineering has become a prevalent method for MFS-related forgery, according to Junaid Alam Sarkar, additional deputy commissioner of police intelligence of the division. Perpetrators extract crucial information such as PINs, passwords, and one-time passwords (OTPs), employing emotional manipulation to convince individuals to send money, often using social media.

Sarkar highlights a tactic where scammers clone a number resembling the customer care number to deceive people into sharing their PINs. He notes instances where individuals willingly share or sell information. 

Another avenue involves obtaining someone's number through eavesdropping, from transaction records of agents, or from information left behind during purchases.

The mobile banking landscape in Bangladesh operates through two primary channels – USSD and apps. USSD caters to people without smartphones. While USSD transactions boast a multilayer security mechanism, its complexity might pose a challenge. Although more secure, USSD transactions are relatively costlier.

One glaring vulnerability in app-based transactions lies in the potential for opening an account on someone else's phone. A solution involves verifying the SIM card to match the owner of the account and the phone number.

Mahbubur Rahman Alam, an associate professor at the Bangladesh Institute of Bank Management, thinks the use of international mobile equipment identity numbers could be instrumental in confirming the legitimacy of accounts opened through apps.

According to the Cyber and Special Crimes Division, a scamming hotspot exists in the Faridpur region. Identifying culprits becomes challenging when false accounts provide incorrect NID numbers or addresses. Moreover, the culprits often switch off their numbers after offences.

In order to address these critical gaps, Alam said rigorous verification during the Know Your Customer (KYC) verification is crucial.
KYC verification in Bangladesh can be strengthened by matching SIM numbers with the national identification card. Incorporating parents' NID numbers could enhance the verification process.

The technical security measures in MFS are robust, but challenges arise due to password leaks through hacking or social engineering. Therefore, Alam stressed the need for awareness and data security among agents.

DB's Sarkar stresses that without knowing critical details such as OTPs and PINs, breaching safety is tough. He recommends verification through multiple communication channels, especially when individuals receive suspicious messages or calls through social media.

Shamsuddin Haider Dalim, head of corporate communications at bKash, emphasises the need for digital literacy, particularly in refraining from sharing PINs, passwords, and OTPs.
He notes that dubious advertisements on social media platforms often falsely use the names of respected service providers. To combat this, Dalim advises users to rely on verified pages on social media platforms and cross-check any doubts through official customer care numbers. 

He underscores that the legitimate call centre will never initiate calls. BIBM's Alam suggests establishing a special hotline involving stakeholders that could expedite solutions.
To reduce forgery, popularising multifactor authentication, including OTP and biometric functions, can be effective. Software detection of fraudulent transaction patterns is another proactive measure, he added.
The author is a senior executive of The Daily Star.