A BRAC Bank web site image shows online login process. All scheduled banks except HSBC and BRAC Bank failed to introduce two-step authentication for the use of credit and debit cards for online transactions by April 1 deadline set by Bangladesh Bank, said officials of the central bank.

All scheduled banks except HSBC and BRAC Bank failed to introduce two-step authentication for the use of credit and debit cards for online transactions by April 1 deadline set by Bangladesh Bank, said officials of the central bank.
On September 2, 2013, the BB issued a circular to all banks asking them to implement the new method ‘additional authentication’ or two-factor authentication for Card Not Present transactions by April 1 in a bid to tackle fraudulent acts.
As per the method the banks are supposed to issue a one-time password for every transaction to their clients through their mobile numbers and emails.
The transactions are supposed to be executed when the clients insert the one-time security code in the process.
Scheduled banks’ officials said that they showed reluctance to implement the system as the implement cost of the two-factor authentication was so high.
Besides, the banks will have to tie up with software companies to set up the technologies for the two-factor authentications after which they will make agreement with the international payment system operators like Visa and American Express.
Against the backdrop, some banks including United Commercial Bank, Standard Chartered Bank and National Bank have already applied to the central bank to extend the deadline to implement the two-tier authentication, the BB official said.
The Card Not Present transaction is referred to a transaction a consumer carries out without presenting his/her credit or debit card, he said.
‘For example, a consumer can make online payment for any purchase of product by using his/her credit or debit card’s number and password, without swiping the card through any machine,’ the official said.
This type of transaction is usually used in the e-commerce, he said.
Clients of the banks now use a fixed password in transaction through the CNP.
‘In the current system, fraud risk is high as such type of fixed password can be easily accessed by hackers,’ the official said.
He said that the central bank might give two to three months to the commercial banks to implement their two-factor authentication.
All Banks have to implement the method on mandatory basis to secure the transaction system with e-commerce.
UCBL first assistant vice-president Md Marufur Rahman said that every bank would have to set up excess control server by receiving cooperation from a software company to implement the two-tier authentication.
The implementation cost of the two-factor authentication is so high which caused delay for setting up the method in due time for the banks, he said.
He, however, said his bank would set up the two-factor authentication in the quickest possible time.
Southeast Bank card division head Md Abdus Sabur said his bank had failed to implement the system in accordance with the central bank deadline as their technology-supported company could not avail the facility.
Twenty-two banks including Southeast Bank is now receiving technology support from Information and Technology Consultancy Ltd, he said.
Not only Southeast Bank but also 22 banks failed to implement the two-factor authentication in due time, Sabur said.
He hoped that his bank would complete the required measures to implement the two-factor authentication within this month, he said.