Bangladesh’s financial sector is racing to digitize, yet cyberattacks, MFS fraud, and WhatsApp phishing are rising faster than defenses, straining public trust and threatening national security.
The warning lights are not vague. A new assessment from the Bangladesh Cyber Security Intelligence (BCSI) says core banking and other critical systems remain dangerously exposed because of weak processes, skill gaps, and bad procurement.
Out of 62 banks, 38 have finished security testing, and 24 are still in progress, and BCSI is urging tighter oversight and broader use of its National Vulnerability Disclosure Program so local researchers can report flaws and see them fixed.
The central bank has been loud and clear. In July, Bangladesh Bank cautioned that looming cyberattacks could disrupt critical systems and ordered banks and NBFIs to raise their guard.
The headlines since then tell the story. An international bank paused the add money feature from MFS apps after cardholders at several banks saw fraudulent transfers routed through MFS rails.
The bank said criminals were abusing the rails to siphon funds from credit cards, while internal and external teams found no system flaw. Around the same time, one leading bank had its official Facebook page hijacked twice within a day, a reminder that social media is now part of a bank’s attack surface.
Police reports add texture to the threat. Chittagong police found fraudsters cloning WhatsApp identities of real officers to build credibility before going after victims’ one-time codes. Police headquarters had already warned citizens about impersonation and OTP theft. These are simple tricks, but they scale fast.
Rules exist, and they are expanding. The country has adopted the National ICT Policy, the National Digital Commerce Policy, the Cyber Security Act, and the electronic transactions framework.
Bangladesh Bank has issued ICT security guidelines, cloud computing guidelines, integrated risk management rules, and standards for MFS, RTGS, and electronic fund transfers. Analysts say the gap is no longer policy on paper but enforcement in practice, with clearer metrics and executive accountability needed to match fast-moving risks.
BCSI’s 2024 financial threat assessment pushes further, alleging conflicts of interest and tender manipulation that reward low-skill services, plus reliance on cracked tools. That mix weakens defenses and slows fixes.
The group urges regulators and banks to make testing transparent and talent-driven through the NVDP, and to coordinate responses across finance, telecom, and the National Cyber Security Agency.
Experts frame the next step as moving from box-ticking compliance to resilience that adds real value. Institutions can publish independent cyber ratings and audit summaries to create pressure for progress, share threat intelligence across the sector, run joint drills, and harden MFS rails.
This can be achieved with stronger step-up checks for add money, velocity limits, merchant whitelists, and rapid card-to-MFS kill switches.
Third-party and cloud providers need enforceable security SLAs. When incidents happen, clear and prompt customer notices help preserve confidence. These priorities echo repeated central bank advisories and align with BCSI’s call for coordinated action.
The people remain in a soft spot. Studies and industry reports suggest nearly one in 10 MFS users has faced some kind of fraud, often after social engineering tricks that capture PINs or one-time codes.
Police note WhatsApp impersonation and malicious APK links as fast-growing entry points. Users should never share verification codes, consider disabling add money from cards when not needed, and verify any request through official channels before tapping approve.
Digital finance keeps growing, yet the threat curve is steeper. With warnings from Bangladesh Bank and BCSI now on record and fresh cases in the news, banks, MFS operators, and regulators face a clear test: Turn policies into measurable resilience before the next wave hits.
This is the moment to close skills gaps, clean up procurement, back local researchers, and build habits that reduce fraud at the source. Let’s commit together today so Bangladesh protects its money and restores trust in its digital economy.
Mamun Rashid is an economic analyst and chairman at Financial Excellence Ltd.
