Case Law On Mobile Banking Fraud In Bangladesh
Case 1: bKash SIM Cloning and Fraud Ring (Dhaka, 2019)
Facts:
A gang of 7 people was arrested for using cloned SIM cards to commit mobile banking fraud. They opened multiple mobile banking accounts using stolen NID information and then transferred funds from victims’ accounts to their own.
Method of Fraud:
Stolen personal information (NID numbers, phone numbers).
Creation of fake SIM cards linked to victims’ mobile banking accounts.
Transfer of funds using mobile banking apps and agents.
Legal Outcome:
Arrests were made under sections of the Bangladesh Penal Code relating to fraud and identity theft.
Charges included criminal breach of trust, cheating, and forgery.
The case highlighted the vulnerabilities in linking SIM cards to mobile banking accounts and prompted stricter verification rules for mobile financial services.
Significance:
First widely publicized case showing SIM cloning and identity theft as major fraud vectors in Bangladesh’s mobile banking system.
Resulted in regulators and MFS providers increasing OTP verification and agent monitoring.
Case 2: RAB Arrests Mobile Banking Fraudsters Using Phishing (Dhaka, 2020)
Facts:
A group of 13 fraudsters stole more than 1 crore Taka in two months by tricking mobile banking users into giving their account credentials.
Method of Fraud:
Fraudsters impersonated bank officials over phone calls.
They asked victims for OTPs (one-time passwords) and PIN codes.
They also engaged in card forgery to withdraw funds from accounts.
Legal Outcome:
Arrested under the Digital Security Act and Bangladesh Penal Code for digital fraud, cheating, and unauthorised computer access.
Investigations revealed that some agents of mobile banking providers were complicit.
Significance:
This case exposed the combined threat of social engineering and insider collusion.
Led to tighter rules for agent management and enhanced user education about phishing.
Case 3: Nagad Regulatory Fraud (Bangladesh Bank Case, 2025)
Facts:
Bangladesh Bank filed a case against Nagad Ltd for issuing e-money worth 645 crore Taka without maintaining the legally required reserve.
Method/Issue:
Nagad issued mobile money liabilities (e-money) without maintaining 100% reserve in the bank.
This created a risk to depositors and the overall financial system.
Legal Outcome:
Bangladesh Bank took regulatory action and filed criminal proceedings against the company and its executives.
Highlighted that issuing e-money without currency backing violates Payment and Settlement Systems Regulations and Bangladesh Bank directives.
Significance:
Institutional-level fraud rather than customer-targeted fraud.
Reinforced the requirement for MFS providers to comply strictly with reserve and reporting obligations.
Case 4: Insider Mobile Banking Fraud at Grameenphone (Dhaka, 2016)
Facts:
Five customer service employees of Grameenphone were arrested for helping fraudsters clone SIM cards and withdraw money from mobile banking accounts.
Method of Fraud:
Employees accessed customer data illegally.
They shared information about account numbers, linked mobile numbers, and OTPs with fraudsters.
Victims were unaware of the theft until funds were withdrawn.
Legal Outcome:
Employees faced charges under the Bangladesh Penal Code for fraud and criminal breach of trust.
Telecom regulatory authorities mandated stricter employee monitoring and customer verification.
Significance:
Highlighted the insider threat to mobile banking security.
Led to policy changes regarding employee access and data protection in telecom and MFS sectors.
Case 5: Phishing & OTP Fraud in Chattogram (2025)
Facts:
A fraudster called a customer pretending to be a bank official and obtained OTPs to withdraw nearly 9.75 lakh Taka from the victim’s account.
Method of Fraud:
Impersonation of bank officials via phone calls.
Social engineering to obtain OTPs and app activation details.
Unauthorized transfer of funds.
Legal Outcome:
Reported to the Cyber Tribunal in Chattogram.
Charges filed under Digital Security Act, cheating, and unauthorised computer access.
Bank is required to investigate security lapses and assist in recovery.
Significance:
Classic phishing case showing the vulnerability of users to social engineering.
Reinforced the importance of OTP security, customer awareness, and banking compliance procedures.
Key Observations Across Cases
Types of Fraud: SIM cloning, phishing, insider collusion, unauthorized e-money issuance.
Legal Actions: Arrests under Penal Code, Digital Security Act, and regulatory sanctions.
Regulatory Lessons: Need for stricter KYC, agent monitoring, employee oversight, and secure OTP processes.
Systemic Implications: Mobile banking fraud can be both individual-targeted and institutional, affecting trust in the financial system.
RELATED Blog
comments