By Krishna N. Das and Serajul Quadir
Aug 18 The Federal Reserve Bank of New York and
Bangladesh's central bank have agreed to withdraw additional
payment security measures put in place after one of the world's
biggest cyber heists, the theft of $81 million from Bangladesh
Bank's account at the Fed, two sources said.
The decision comes after SWIFT, the global financial
messaging platform, promised in May to strengthen security on
software tools used by its clients and to develop new tools that
would spot a compromised account and raise a red flag when a
payment instruction deviates from normal patterns.
The decision was taken at a meeting in New York this week
between officials from Bangladesh Bank, the New York Fed and
SWIFT, said a source close to Bangladesh Bank who has direct
knowledge of the matter. They have agreed on a tentative
timeline to withdraw the additional security measures but the
source declined to give details.
"(The New York Fed and Bangladesh Bank) want to use (only)
SWIFT for secure communication," said the source, declining to
be named as he was not authorised to brief the media. "We are
talking about normalising our communication channels as soon as
possible."
The New York Fed and SWIFT could not immediately be reached
for comment.
In early February, hackers used stolen Bangladesh Bank
credentials to send three dozen SWIFT messages to transfer
nearly $1 billion from its Fed account, eventually managing to
route $81 million to a bank in the Philippines. Most of the
money was laundered through casinos in Manila and remains
missing.
Following the heist Bangladesh Bank initiated a new protocol
under which the Fed could only clear any SWIFT request from
Dhaka after a voice authentication. Fed officials had to call
one of two or three Bangladesh Bank officials whose voice
samples were shared with the Fed.
A senior Bangladesh Bank official in Dhaka, who declined to
be named, said more time was needed "to improve the system"
before moving back to a SWIFT-only transfer mechanism.
Both sources said the New York Fed wanted to do away with
the additional measure as it delayed genuine transfer
instructions. SWIFT has told Bangladesh Bank its system was
secure and that the Asian bank needed to tighten its own
defences to prevent criminals from hacking into their computer
systems.
Bangladesh Bank spokesman Subhankar Saha said he was not
aware of the agreement and would comment only after the bank's
delegation came back from the United States.
The bank said in a statement on Wednesday that its officials
discussed with the New York Fed and SWIFT "certain technical
details" of the heist to enhance their understanding of how the
fraud occurred and "steps that have been and will be taken to
remediate the event".
The Bangladeshi delegation also requested the New York Fed
to put more pressure on the Philippines' Rizal Commercial
Banking Corp (RCBC), to recover the rest of the stolen
money, said the source close to Bangladesh Bank. The funds were
routed to four accounts at the bank before they disappeared into
casinos in the city.
The New York Fed in June wrote to the Philippines' central
bank, prodding it to help Bangladesh Bank retrieve the money.
Bangladesh Bank officials believe the nudge from the Fed was one
of the reasons the Philippines central bank this month slapped a
record fine of 1 billion pesos ($21 million) on RCBC in
connection with the heist.
(Editing by Raju Gopalakrishnan)