Days are about to go in using cash to pay for goods and services. Online banking, mobile banking, credit and debit cards, as well as stored-value cards, are accepted by merchants virtually everywhere.
Trading and commerce became easier with this transformation of transaction. The vulnerability has also increased with new transformation of technology. The risk of this vulnerability needs to be address to ensure the service.
The financial institution officers’ need of guidance on operational and risk issues associated with credit and debit cards is clear. Keeping the institution compliant and preparing for the risks associated with fraud, identity theft, and card issuing is more important than ever.
Service providers need to be aware and educated about the risk and also need to prepare themselves to meet the challenges of cyber security.
Considering the necessity to understand the technology in managing risk factors, Innova Corporation (Innova) - a fast track consultation and ICT Solutions provider imparting Information Security Consultation, in PCI-DSS, risk management and compliance etc, organized a two-day workshop from November 7 at hotel in Dhaka.
Innova Corporation organized the workshop for the key technical and security officials of different financial institutes of Bangladesh as authorized representatives of RISK Associate, Australia.
Risk Associates is a dynamic Australian information technology consulting group that provides information security, risk management, information governance, and compliance programs to clients across Australia, southeast Asia, Europe, Caribbean and North America.
Dr Aftab Rizvi, Managing Director of Risk Associate & Principal Consultant and Director at Gaming Associates Pty Ltd, conducted the training session during the workshop.
However, Aftab is the world's first tester of regulated internet based gaming systems, commencing internet gaming systems testing in 1997.
Previously Director of Technology and also responsible for all aspects of the technical evaluation of internet casinos for MGM Mirage, Littlewoods, Hard Rock Casino, Lasseters Online, The Ritz Club London, and a number of other operators, Aftab has an exposure to more than a dozen of internet gaming and wagering products and operating environments.
He has also been involved in numerous gap analyses of e-commerce systems, including internet gaming systems, products and development environments, around the world.
Aftab is a principal consultant in RISK Associates, Australia.
Techworld Bangladesh Correspondent talked with this international expert about the cyber threats and it’s vulnerability in Bangladesh and ways to meet the challenges of it. The interview is as follows:
Is it your first visit in Bangladesh?
Aftab: No, it is for the 3rd time for me to visit Bangladesh. First, I came here in last February in an event organized by the local resource community. In my 2nd visit I meet some financial key persons including of the central bank.
Is there any noticeable changes happened during the period of your travel in Bangladesh?
Aftab: Actually to processing credit card transactions, small businesses must follow The Payment Card Industry (PCI) Security Standards and ensure this community need to be aware and educated on it. There is a lot more awareness need in PCI & DSS, which are very important to understand.
It is good that Bangladesh financial community understands that especially considering the positive posture of the central bank as it issued regulatory for the institution on security issue. Information security posture get better here and it has increased that I noticed during this gap but there is a room for improvement and banks are keen to come to the level where they can ensure the better service.
The technique they are using now is right and obviously you know they have a lot of opportunity as the country has a large population. So lots of clients here they have to grab. To get more clients they need to improve the service and provide it to the mass level specially for online banking and the availability of credit/debit cards so that the customer get benefited.
Cyber threat on transaction has become the key concern worldwide. Though Bangladesh doesn’t face such vulnerability but has the possibility considering the increasing number of online user.
So what should we need to prepare ourselves in meeting the challenge?
Aftab: Firstly, I would like to say that you rightly said and exposed the vulnerability of the first world countries in using cards. We are living in a global village and you can not live isolate. This is the only reason that we need to safe our space.
Bangladesh has limited exposure as most of the people are not using cards. But there is the opportunity and potentiality to increase the number of users. To prepare yourself you need to do the awareness what we doing right now through this workshop.
My point of view is that this type of training significantly helps increase the awareness formula and knowledge and education. Conducting training on PCI, PADSS is required to prepare oneself to meet the upcoming challenges in using online banking and cards.
We work with 100 developing and under developing countries to create awareness about the issue by conducting training and workshop.
In south Asia which country do you find the most vulnerable in terms of cyber security?
Aftab: I think it very difficult to answer the question. Actually every country has strength and weakness and you cannot define it. The country, which has less awareness in security, is vulnerable. This region has the potential and is there is lot of room for business, for the banking sector and also for the new services to offer. But it needs more awareness and education as more awareness means less vulnerability.
How do you standardize Bangladesh service to address the upcoming challenges?
Aftab: Financial institute is a mature industry. Whenever a new technology comes, some challenges of security occur that need to control. So, we know the problems and know how to address. You do not need to wait for your own research and finding solutions rather to follow what others are doing. That’s why we are here to describe the practices especially for the card industry. The bank industry can take this and corporate with their own requirement. They should have customized that according their own resources.
Bangladesh government is also very keen in cyber security issue where your knowledge matters. Did you meet any stakeholders concerns in Bangladesh to bring the issue in consideration?
Aftab: I met key bankers, key community, and more along with Bangladesh Bank. And the idea is to let them inform to tell the truth around. We are working for an Australian company, working in USA, UK and European countries. And we would be very pleased to help the Bangladesh government and central bank bearing in mind the security posture they have. We meet Bangladesh bank officials and bring the issue in discussion.
How did they respond?
Aftab: They responded very positive. We have a very brief meeting that time, whatever we discuss then, it was accepted in a positive way. Everything has a process, you know, and nobody is ready to accept your all idea at a time. First of all, they need to have the confidence on us. We need to earn their trust and I think it is very important and I fully appreciate as it is the right approach to accept something new.
Your next plan is to educate and make Bangladeshis aware in cyber security?
Aftab: Next step is simple. We are here through our local representative or local resource. So, if anybody needs our help and support, we are here to assist. Our target is to work for creating awareness. Our local resource should have the basic qualification to carry out our target. They also need the proper training to achieve the target. It is very expensive to be everywhere so we need the local resources. Not only that you need to have local understanding to get involved with the region and local resources to do better here. And we are happy with our local resources and believe in their strength to help us achieve our target.
This is what I am doing everywhere.
BDST: 1954 HRS, Nov 12, 2015
RR/SMS