Back

Bangladesh Bank Enforces Stricter Rules to Combat Cyber Fraud in Money Transfers

Severity: High (Score: 64.5)

Sources: Newagebd, Today.Thefinancialexpress.Bd

Published: 2026-05-19 · Updated: 2026-05-20

Keywords: money, bank, cards, accounts, transfer, rules, bangladesh

Summary

Bangladesh Bank has implemented new regulations for transferring funds from bank cards to mobile financial service (MFS) accounts to address rising cyber fraud. Starting August 1, 2026, transfers will only be permitted if both the bank card and MFS account are registered under the same individual's name. Customers must first complete a token transaction of up to Tk 500 before linking their card to an MFS account, with the linking becoming active 24 hours later. This decision follows a significant cyber fraud incident where nearly Tk 27 lakh was stolen through unauthorized transfers involving Standard Chartered Bangladesh cards. The fraudsters exploited vulnerabilities in the system, bypassing one-time password protections using SIM cards and MFS accounts registered under different names. Banks and MFS providers must comply with these new rules or face suspension of their services. The central bank's earlier instructions regarding MFS transactions remain in effect alongside these new directives. Key Points: • New rules require same-name registration for card-to-MFS transfers effective August 1, 2026. • A recent cyber fraud incident resulted in a loss of nearly Tk 27 lakh through unauthorized transactions. • Banks must ensure beneficiary wallet visibility during transactions to avoid service suspension.

Detailed Analysis

**Impact** The new rules affect all customers of scheduled banks and mobile financial service (MFS) providers in Bangladesh who transfer money from bank cards to MFS accounts. A recent cyber fraud incident involved unauthorized transfers totaling nearly Tk 27 lakh (~USD 31,000) from Standard Chartered Bangladesh cardholders to MFS wallets, impacting financial institutions and customers. The fraud exploited cross-account transfers, complicating fund recovery and increasing operational risks for banks and MFS operators nationwide. **Technical Details** Fraudsters bypassed one-time password (OTP) protections on credit and debit cards to execute unauthorized card-to-MFS wallet transfers. They used SIM cards and MFS accounts registered under different individuals’ names to launder stolen funds, evading direct tracing. The attack exploited weaknesses in identity verification and transaction classification, specifically in card-to-wallet "add money" processes. No malware, CVEs, or specific infrastructure details were disclosed. **Recommended Response** Enforce the mandatory same-name registration for card-to-MFS transfers starting August 1, 2026, and require a successful token transaction of up to Tk 500 with a 24-hour waiting period before linking cards to MFS accounts. Configure systems to classify card-to-wallet transactions as fund transfers, not merchant payments, and ensure beneficiary wallet numbers are visible to card-issuing banks. Suspend card-to-MFS services if compliance is not achieved by July 31, 2026. Monitor for unauthorized cross-account transfers and verify transaction ownership rigorously.

Source articles (2)

  • BB tightens card-to-MFS transfer rules — Newagebd · 2026-05-19
    Bangladesh Bank has imposed stricter conditions on transferring money from bank cards to mobile financial services accounts, commonly known as ‘add money’, amid rising concerns over cyber fraud and un…
  • Same name reg mandatory for money transfer from cards to MFS accounts — Today.Thefinancialexpress.Bd · 2026-05-19
    Bangladesh Bank (BB) has issued stricter rules for transferring money from bank cards to mobile financial service (MFS) accounts in a move to curb rising cyber-fraud and strengthen transaction securit…

Timeline

  • 2026-05-17 — Bangladesh Bank issues new transfer regulations: New rules mandate same-name registration for card-to-MFS transfers to combat cyber fraud, effective August 1, 2026.
  • 2026-05-17 — Cyber fraud incident reported: Fraudsters siphoned off nearly Tk 27 lakh from Standard Chartered Bangladesh cards through unauthorized transfers to MFS wallets.
  • 2026-07-31 — Deadline for compliance with new regulations: Banks and MFS providers must implement required technological changes by this date to continue offering services.

Related entities

  • BKash (Platform)
  • Nagad (Platform)
  • Standard Chartered Bangladesh (Company)
  • Bangladesh (Country)
  • CWE-287 - Improper Authentication (Cwe)
  • Financial (Industry)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed