The Bangladesh Bank has detected that a group of fraudsters apparently hacked the National Savings Scheme Online Management System and withdrew Tk 25 lakh by encashing a savings certificate purchased by a client from the central bank’s Motijheel office.
The breach has exposed serious weaknesses in a digital system that manages one of the most trusted investment tools for ordinary citizens in the country.
According to Bangladesh Bank officials, the syndicate attempted to encash savings certificates worth nearly Tk 1 crore belonging to three clients before maturity.
Two of those attempts were blocked on time, but one succeeded, allowing the criminals to withdraw the amount.
The victim later complained to the central bank that his account-holding bank had been changed and his savings certificate encashed without his knowledge.
Bangladesh Bank spokesperson Arief Hossain Khan, also executive director of the central bank, said that the central bank had formed an investigation committee headed by executive director Amzad Hossain Khan to find out whether the breach stemmed from internal collusion or external hacking.
The committee is also examining if anyone gained unauthorised access to the system’s central server which contains sensitive investor data.
He said that three officers from the Motijheel office who had access to the online system had already been removed.
‘The hackers changed the victim’s account-holding bank and transferred the account to another bank to withdraw the money,’ he added.
As the system operates under the finance ministry, the ministry has also formed a separate investigation team to identify whether there were any weaknesses in the system.
The central bank has filed a general diary with the Motijheel police station in this connection and the police station has assigned an investigating officer to it.
The police station’s officer-in-charge, Mezbah Uddin, said that the incident was being treated as a serious matter.
The certificate was purchased through Agrani Bank’s Press Club branch.
On Monday, without any formal request, the customer’s account was suddenly transferred to a sub-branch of NRB Commercial Bank in the northern region.
On the same day, the full amount, Tk 25 lakh, was withdrawn from NRBC Bank’s Shyamali branch and Dhanmondi branch.
Officials at the Bangladesh Bank’s Motijheel office said that no application for encashment had been submitted there, as required under the existing procedures.
The Bangladesh Bank suspects that the fraudsters might have exploited the ongoing transition in the country’s banking sector.
Many investors have recently applied to the central bank to change their account-holding banks amid deposit repayment delays at several banks for liquidity crisis at those banks and a central bank’s initiative to merge five Shariah-based banks into an entity.
The incident, the first of its nature, has raised concerns about the security of the National Savings Scheme Online Management System, introduced in 2019 to curb irregularities in purchasing and encashing savings certificates.
The digital platform was designed to ensure that all transactions are recorded in a central database to prevent duplication or fictitious investments.
Savings certificates, known as Sanchayapatra in Bangla, are among the most popular and secured investment options in Bangladesh, attracting millions of small savers, pensioners and families.
Backed by the government and guaranteed returns, these instruments are managed through an automated system that transfers profits and maturity amounts directly to investors’ bank accounts via electronic fund transfer.
Such a breach could dampen public confidence in a system designed to reduce manual handling and eliminate fraud.
Access to the online management platform is limited to approved officers, who are legally bound to maintain confidentiality. Misuse of credentials or data is a punishable offence.
