- Minaoar Hossain Tanzil
Following global economic trends and prospects, our promising FinTech industry in Bangladesh is going through a major transformation. It is revolutionizing the delivery of financial services in more innovative ways than the traditional methods in practice. However, as fast as it is evolving to shape the future, it is also becoming susceptible to threats and vulnerabilities from various persistent attacks, like identity theft, money laundering, mobile fraud, card cloning, ATM fraud, data breaches, and so forth. Among these, the most common type of attack is bank and credit card fraud.
Recently, Bangladesh Bank warned of fraud in FinTech services. According to the central bank, service providers need to take prompt remedial measures to fight fraud and forgery and ensure public confidence in the financial systems. The warning came against the backdrop of a rising trend in the FinTech ecosystem here. Security, without a doubt, is the most vital aspect of the FinTech ecosystem. From identity (account and card) to access (POS, ATM, e-commerce), there are certain areas that need to be addressed and enhanced to make the financial systems and services well protected and resilient against cyberattacks, while minimizing the risk of making them too complex and inconvenient for customers.
In the past few years, Bangladesh saw several card fraud incidents that shook the confidence of customers and thereby put the stakeholders in a very difficult position to regain and retain that trust. Those incidents involved magnetic stripe cards, which offer very low security against fraud. A magnetic stripe card contains static data of the customer, and if that data is compromised, someone in possession of it can create a clone card and use it to make transactions at POS, at ATMs and online. Cloning a magnetic stripe card is also very easy and does not require any sophisticated tool or instrument. The plain old cassette player can clone a card and do the damage.
The security drawbacks of a magnetic stripe card are addressed by EMV technology. An EMV smartcard with a chip provides a multitude of security measures against fraud in general. Unlike the static data of a magnetic stripe card, the smartcard uses dynamic data of the customer and enhances security for both POS and ATM transactions.
To overcome the vulnerability in e-commerce transactions, certain measures need to be taken to make them secure. Among those, using OTP (One-Time Password) and dCVV (Dynamic Cardholder Verification Value) has proven to be very effective.
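The contrast between static and dynamic card data described above, as an added example that is not from the original article. It uses HOTP (RFC 4226) as a stand-in for a per-transaction value, not the actual EMV cryptogram or dCVV algorithm; the class names, key and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class StaticVerifier:
    """Models static card data: the same value is valid for every transaction."""
    def __init__(self, static_value: str):
        self._value = static_value

    def verify(self, presented: str) -> bool:
        return hmac.compare_digest(presented, self._value)

class DynamicVerifier:
    """Models dynamic data: each value is bound to a counter and accepted once."""
    def __init__(self, secret: bytes, window: int = 3):
        self._secret = secret
        self._next = 0          # lowest counter not yet consumed
        self._window = window   # tolerated look-ahead if the card ran ahead

    def verify(self, presented: str) -> bool:
        for counter in range(self._next, self._next + self._window + 1):
            if hmac.compare_digest(presented, hotp(self._secret, counter)):
                self._next = counter + 1   # burn this and all earlier counters
                return True
        return False

def replay_outcomes():
    """Present a captured value twice to each verifier; return (first, second)."""
    secret = b"12345678901234567890"       # RFC 4226 test key, not a real card key
    static = StaticVerifier("123")         # constructed static code
    dynamic = DynamicVerifier(secret)
    captured_static = "123"
    captured_dynamic = hotp(secret, 0)     # value observed during one transaction
    return {
        "static": (static.verify(captured_static), static.verify(captured_static)),
        "dynamic": (dynamic.verify(captured_dynamic), dynamic.verify(captured_dynamic)),
    }

if __name__ == "__main__":
    print(replay_outcomes())
```

The static verifier accepts the captured value every time it is presented, while the dynamic verifier accepts it once and rejects the replay because the counter has already been consumed.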
Security in a digital financial service, however, requires far greater prevention mechanisms to fight fraud. Practical ways to protect such services and systems include both hardware-based security, such as the Hardware Security Module (HSM) and Trusted Execution Environment (TEE), and software-based security, such as Host Card Emulation (HCE), tokenization, Public Key Cryptography (PKI), Local Database Encryption (LDE), white-box cryptography, secure messaging, secure keyboard, code obfuscation, and so forth. Globally, cloud-based payment specifications by international payment brands (Visa, Mastercard, American Express) provide a set of guidelines for solution providers and application developers to build the system and application.
Providing FinTech services comes with a commitment of great vigilance for a service provider. But in practice that does not always happen. Security measures are overlooked for lack of dedication and as a trade-off against investment. This should not happen. There is no shortcut to achieving the standard level of security for the system and services without investing in it both mentally and financially. Otherwise, any future mishap or attack can be fatal and even costlier for them. Customers suffer, and along with them the solution providers too.
To ensure that the security measures are properly implemented, our central bank can play an important role. It should provide the policies and guidelines, as well as strictly monitor whether those are implemented and practiced.
Kona Software Lab Limited, the Bangladesh office of the South Korean smartcard industry pioneer KONA I Co. Ltd., has been working in Bangladesh since 2012. Being one of the top five banking card providers in the world, it is the only company that is operating its self-developed payment platform as a digital bank in South Korea. The platform was conceptualized and developed by Kona Software Lab Limited. The company has a strong presence in Bangladesh, boasting a pool of skilled research engineers, as well as the access and aptitude to bring in state-of-the-art technologies that are ahead of their time for the Bangladesh FinTech industry. The company envisions interoperability among the stakeholders of the ecosystem without having to compromise security, and believes that, in doing so, the ultimate economic excellence will be achieved.
The writer is the Managing Director of Kona Software Lab Limited.