The Bhutanese Leading the way.
With incidences of unauthorized transaction through mobile banking apps, financial institutions in the country said that the sharing of bank account details is the main cause.
All the banks in the country have mobile banking apps, mBoB, BNB m-Pay, T bank TPay, Druk PNB app and BDB ePay with various features. They have shared that their clients may lose trust from their banking services with such incidences; however, nothing can be done as it solely depends upon their clients in protecting their details.
The clients tend to set the passwords which are guessable and they have the tendency to have the same pin for almost everything and that is something that any hackers can easily guess, they added.
“People have a habit of posting screenshots of transferred money on various social media and this is one way whereby a smart hacker can connect dots and commit the crime. So avoid posting screenshots on any social media,” they shared.
Ugyen Tenzin, Head of m-BoB, said, “Our m-BoB is secure, however personal data of the users are getting compromised. We therefore keep informing our customers to not share any banking personal information, and not even to your close people unless necessary. Otherwise, one becomes victim to fraud cases.”
He said that if one’s email id is being shared to anyone than they can easily request for a change of pin codes and therefore, they urge their clients to be careful about their email id as many tend to leave their email open in various devices.
“All errors are man-made whereby some fraud happens from within the banks while some happens with ones carelessness. So the best we can do is to keep informing our clients on safe banking. Otherwise our system is well protected with strong firewalls and no banks will share our client’s detail,” he added.
Meanwhile, in connection to the recent case of unauthorized transaction via m-BoB, they have disabled OTP delivery to email address. However, it has caused inconvenience to the clients outside Bhutan but they are looking for a way out.
“We do receive cases of unauthorized transaction but they are very few. The maximum case happens within the family whereby kids transfer the amount without the knowledge of the parents and same between the spouses,” he added.
Hem Kumar Acharya, Chief Operations Officer of BNBL said that basically their app is secure whereby they have all the information technology related firewalls. However, the security of the app itself also depends upon the users.
He said, “So far, we have found nothing that been penetrated, in a way that compromises the transactional flow. Otherwise, it’s on the user side who are relaxed with their mobile passwords.”
He said that they rely on whatever security is there but they have to be aware that there are new threats emerging almost every other day. Therefore, they have to be updated on what kind of security threat is coming up and from where.
He said, “BNBL is concerned to ensure the data of our customers are protected and nobody should be able to hack it. Our app is secure to use unless the customer themselves fail to protect their password or an account detail.”
An official from T-Bank said that since their app launched in 2018 and they have not come across any cases of unauthorized transaction and they are confident that their app is secure.
An official from BDBL said, “From the cyber security point of view, no application is 100% secure, the only secured apps are the ones that are not connected to the internet. Every application is vulnerable when it is connected to internet.”
They are following token base authentication structure in their mobile app for every single request to check if token id is valid or not. They recommend users not to share their M-PIN with anyone and to register with sms banking so that every transaction will be notified, he added.
An official from Druk PNB meanwhile said that so far they have never encountered such cases in their bank and the possibility of hacking is less until the user shares the secret keys to anyone else. “Our app is safe; however, to ensure safe transaction, users must secure their personal information,” he added.
They urge their clients to keep changing their pins so that it would be hard on anyone to break through and never to share their mobile phone with anyone, he said, adding that otherwise its safe to use their app.
The advice is to hide the screen while withdrawing money from ATM. All the banks have a plan to upgrade their apps with better and more secure features.
Message from The Bhutanese
Dear Reader,
Advertise with The Bhutanese for your money’s worth
Whether you are a government agency or a private business, the COVID-19 Pandemic and its economic impact means every Ngultrum counts when you want to advertise a tender, vacancy, public notification or your business.
Advertise with The Bhutanese which is the only newspaper in Bhutan that reaches all 20 Dzongkhags according to a 2019 BICMA Circulation Audit.
Apart from being widely read we also place your advertisements in our popular Facebook and Twitter pages which have more followers than all other private media combined.
Our rates are far more reasonable than those of state owned media outlets.
Contact us at: Mb Nos 77351243, 17231307, 17255501 (At all hours and holidays)
Landline: 335605 Fax: 02 335593 (9 am to 5 pm)
Email: ad.bhutanese@gmail.com (At all hours and holidays)
The Bank App do not seem to have MFA (Multi Factor Authentication) and that is where the vulnerability lies. They should incorporate in the App.