Last month, when I was visiting Bangladesh, I accompanied one of my friends who is a businessman and had some outstanding issues with the bank related to his bank loan. My friend took me to the bank for discussion with the manager so that his problems related to bank borrowing can be resolved. While discussing, I noticed that officers working in that bank were able to quickly retrieve account statement from my friend’s different accounts being maintained with different branches located in different places in the country. I did not see my friend to use his bankcard or his confidential PIN (Personal Identification No.) allowing the bank officers to get access to his account. In quest of query, one of the officers told me that with first and last name or his account number, statement can be generated. I was surprised to know that those statements as retrieved from online banking system carried details transaction history along with current available account balance. Obtaining statement from different accounts within a while seems to be expeditious service of the bank. I was confused whether this type of specialized service was exclusively extended to that customer or available for any customer. After discussion with the bank official, I confirmed that this type of customer service is available under online banking system; however, they usually charge fees for account statement if taken more than twice in a year. This expeditious service ostensibly seems to be too good and convenient; however, sometimes too good is not good at all, especially when control parameter is compromised.
Severe fraud risk: If this practice in the name of digital banking is followed in the country’s banking industry, then I must say that there are severe lapses in the control mechanism. Obtaining account statement using first and last name or using simply account number, indicates that anybody working in the bank can easily get access to customers’ account what poses a serious fraud risk. We know all bankers are honest, sincere and trustworthy; so it is believed that they will not unauthorizedly touch customers’ account. However, unscrupulous people are always around us and they can indulge in fraudulent activity abusing weaknesses digital banking system. Unscrupulous officers will be able get all information from the customers’ bank account and easily follow the customer’s behaviour and transaction pattern based on which they can commit fraudulent transaction. As for example, one dishonest employee observes that one account always carries substantial amount of balance over the period of time without any frequent transaction history. He may then pass on this information to someone outside who will be able to easily make a fund transfer request using the customer’s confidential account information. In this way, fraudulent transaction might take place in customer’s account. We have to keep in mind that without banker’s involvement or association, outsiders cannot commit any fraudulent activity in bank.
Industry practice: I was discussing with some bankers about this weaknesses in control parameter and likely consequences. Thereof and in response, they expressed their utter helplessness in enforcing the practice of requesting customer to come in the bank and use his/her bankcard along with confidential PIN to get access to the account and perform required task. Because the customer will get annoyed and lodge complaint to higher management who will then listen to customer and resent the bankers for not performing customer’s request regardless how legitimate it is. This is unfortunately common phenomenon in our country’s banking industry and this malpractice occurs because there is no strict industry practice in our banking operation. Strict compliance of standard industry practice which must be meticulously followed by all banks is inevitably required to make the online or digital banking a complete success. When all banks follow the same procedures, customer will not have any scope of complaint; instead they will be compelled to abide by the rules. This industry practice should be directed from country’s regulator or central bank and Bankers’ Association as well. In the developed world where entire banking is technology based, it is unthinkable to get access to customer’s account without his/her bankcard and confidential PIN.
Banking sector in our country is gradually transforming to online or digital platform keeping pace with govt’s initiative of digital Bangladesh. Many banking services have become very fast, quick and convenient because of introducing digital banking. Electronic fund transfer in the form of both Real Time Gross Settlement (RTGS) and Bangladesh Electronic Fund Transfer Network (BEFTN) are good example of fastest online banking services. With the development of digital/online banking, degree of risk also rises. In order to mitigate the risk associated with online/digital banking, many control parameters are always put in place. Digital banking may turn dangerous if appropriate control mechanism is not developed properly. Allowing officers indiscriminately to get access to customers’ confidential information reveals serious lapses in control mechanism, so this practice must be stopped. Digital banking does not necessarily mean that confidentiality of customer information should be compromised in the name of expeditious services. Some may argue that bankers work with trust, so they will not breach any fiduciary interest which is true and most of the bankers will not do that but there may be some or few who may not check their temptation to indulge in the weakness of control mechanism. In our country there are instances where measures have not taken before any mishap takes place. We believe Bangladesh Bank should review this practice with serious attention and instruct all bankers to restrict the officers’ access to customer confidential/material information. Such access can only be allowed when customer will personally come and use his/her bankcard and confidential PIN. Bangladesh Bank should act in this area before any fraudulent activity occurs.
The writer is a banker, Toronto, Canada