MFS is being used in app financial fraud, who will prevent it?

People across the world are increasingly concerned and worried due to various forms of propaganda, rumours and false information through social media. Especially when the two primary social communication platforms, Facebook and YouTube, are supporting cybercriminals in most of the world, there is reason for common people to be concerned; But still social media has a community standard, policy. Users can file a report if affected.

Hundreds of smartphone apps are becoming a vast domain of crime in the cyber world than social media. These apps have now become formidable weapons for cybercriminals. Instances of individuals being harassed and driven to suicide have occurred in various countries through the use of such apps. This is because these apps allow hackers to gain instant control over someone's Android smartphone, even if it is located far away. Hackers can grab all the information on the smartphone. Even a financial sector, banking or any other service server connected to this smartphone can be taken over by hackers and cause a big disaster. The subject of concern is that, although the government and relevant authorities in our country have been sufficiently vigilant against the spread of rumours through social media, there still seems to be a somewhat indifferent attitude towards cyberbullying through the use of apps.

In August of the current year (2023), an online platform named "MTFE" has swindled nearly 11 thousand Bangladeshi Taka from ordinary users using its own app. About 90 percent of the people who have been cheated using the platform's app are Bangladeshi citizens, according to various media. Basically, 'MTFE' used to cheat people by encouraging them to make profitable investments in cryptocurrencies through their app. Primarily, "MTF" encouraged people through its app to invest significantly in cryptocurrency, leading them into the trap of exploitation.

Before the year's end, 1.5 thousand people fell into the trap of another fraudulent app in China and the case of smuggling about 200 crore taka into China was revealed. Police also arrested 15 people of this fraudulent gang. Police have carried out their duties; however, in Bangladesh, the use of such apps requires approval and oversight from several authorities in matters related to financial transactions, permissions, and approval processes. In Bangladesh, the free use of fraudulent apps and repeated frauds and huge sums of money inevitably raise questions about whether the authorities concerned have genuinely fulfilled their responsibilities. Will it be possible to bring back the huge amount of money that has already been smuggled abroad?

In the last few years, incidents of people falling into the trap of various apps at different times have surfaced in Bangladesh. Even at this moment, extensive Bengali advertisements for such apps can be seen on YouTube. YouTube is now abuzz with Bengali advertisements of many online gambling apps, especially with the lure of making incredible amounts of money in a short period of time. No such ads were seen on Facebook or TikTok; But when you go to watch popular Bengali songs, movies, news videos on YouTube, these gambling app ads come to the fore. Here it should be noted that Facebook and Tik Tok adhere to very strict policies in terms of advertising, but the Google authorities managing YouTube are taking an unethical position or a form of corruption in advertising, which is why cheating trap ads are being circulated freely on YouTube.

Currently, YouTube stands as the most popular and dangerous social media app globally. The virtual platform with the largest potential risks is Google Play Store. Most of the fraudulent apps are downloaded from the Google Play Store. Upon further consideration, in Bangladesh, about 90 percent of the dissemination and perpetuation of fake news and distorted information against the government and various influential figures occur and persist on YouTube. You may receive a response if you report content to Facebook, and the offending content may be removed; But it is certain that if you report it on YouTube, the YouTube authorities will do nothing but give a 'Thanks for reporting'. Their community standards are applicable mainly to the US and a few Western countries, with a lack of enforcement for other countries.

Despite claims of using secure apps, countless malicious apps have repeatedly obtained 'safe' certificates and have been attached to the Google Play Store. After significant incidents of security breaches, these apps have been removed. The security system of the Google Play Store has been proven to be quite vulnerable. That’s why several countries have started trying to develop their own OS for smartphones. Even our friendly neighbor India has started the process of building its own smartphone operating system called 'Indu OS' earlier this year.

An unusual trend is observed where, despite various reports and recommendations from relevant authorities in our country regarding Facebook and TikTok, no concerns seem to be directed towards the most risky medium for Bangladesh – YouTube or the potentially harmful apps on Google Play Store. Similarly, there has been no scrutiny or questioning of the apps involved in malpractices that may have had or continue to have agreements with the Mobile Financial Services (MFS) companies in the country.

Take note that every time some MFS organisation or digital payment gateway is used to collect and launder money from victims in fraud. The latest Chinese fraudulent app through which 1500 users have been cheated of about Tk 200 crore, the police have also reported the use of the 'MFS' platform. As a professional journalist, I have conducted my own research and observation on this matter.

About four months back, someone I know informed me that some apps were extorting money from common people by tempting them to play quizzes. Upon delving into the journalistic process of investigation, I discovered links to quiz-playing apps with names like 'Jeeto' and 'Shera' appearing in Google News Feeds.

On Android smartphones, various news links appear in the Google News Feed. This news feed serves as a medium for Google's advertising, whether it be for a quiz competition app named 'Jeeto' or any other app. Clicking on the link in the Google News Feed for the quiz competition app leads to a prompt for payment through the mobile financial service 'bKash.' In other words, to enter this app you have to pay at the beginning! This is indeed evidence of fraud because any legitimate app developer would never immediately prompt you to make a payment. Initially, it would direct you to the Google Play Store, showing you the option for a safe download. After that, it might suggest subscribing, but at no point should there be an immediate payment option!
As part of my investigation, I entered their page with the minimum price package. Interestingly, after making the payment, there was no option for playing on this page. There were only two options—one to invite a new friend and the other to subscribe for playing. Once you pay to enter, there is again a subscription prompt! Finding no option to play, I exited the page from the link. When attempting to re-enter from the Google Feed link, the payment option reappeared.
Therefore, I decided to search for the app on the Google Play Store. Upon searching, I found the 'Jeeto App' and downloaded it. After logging in, I observed the same situation within the app—only options to invite friends and subscribe for oneself. There was a list showing who had played before, but there was no option for playing. Another issue came to light—I noticed a feature in my subscription called 'Auto Renew,' and it is set to renew every week. So, I tried to find the unsubscribe option in the app to quickly unsubscribe, but I couldn't find it.

At one stage of my investigation, I found many comments and statements against this app on a Facebook page. Everyone's complaint was that they couldn't find the option to unsubscribe from the app, and every week, a specific amount was deducted from their bKash MFS (Mobile Financial Services) accounts.

Afterward, contacting the app's support became challenging. However, it was relatively easy for me due to my professional connection with the MFS partner of this app. I contacted the main office of their customer support branch and expressed my concerns in writing. I received written responses from their customer support, and I have taken all of those comments into consideration. Now, let me share an amusing experience before presenting the entire situation.

The app called 'Jeeto,' as I mentioned earlier, initially did not have an unsubscribe option. After several hours of conversation with the bKash customer support, they sent me a link to unsubscribe from the Jeeto app, mentioning that there is an unsubscribe option within the app, which I probably missed. Upon entering the app, I found a prominent unsubscribe link at the bottom of the first page, which was not there before. I had a screenshot of the first page from my previous visit, and upon comparison, I noticed that this link was newly added. Regardless, I was able to successfully unsubscribe using this link.

However, a week later, when I revisited the app, I observed that the unsubscribe link on the first page had disappeared. There is also no option to unsubscribe in the profile section.

Later, I informed the bKash official about the situation. Three days later, I noticed again that within the contact option of the app, the unsubscribe option had been added. The most amusing part is that those who were victims of the fraud with these 'quiz apps' on Facebook were writing on a Facebook page, and after starting the search about the 'Jeeto app,' that Facebook page was also taken down! However, I have kept some screenshots of that page.
The 'unsubscribe' option in the Jeeto app is reminiscent of a similar 'Shera' app with bKash. The situation with these apps is almost the same. I found two more similar apps named 'Quizgiri' and 'Quizmind.' Payment options through bKash are present, and you can start playing quizzes. However, it doesn't end there. In the middle, a 'technical error' occurs, and the game stops. Therefore, anyone participating in the quiz in the hope of winning an attractive prize is left disappointed. I tried to explore the details of the prize winners and their profiles on the leader boards of both apps but couldn't find anything. Instead, clicking on any entry in the leader board reveals the text 'Dubai Verde/Arancio Gradient,' which is actually from an advertisement for sunglasses, translating to 'Copy of Dubai Blue/Pink Gradient.' This text appears opposite the names on the leader board, adding another layer of mystery!
Here is the full statement from Shamsuddin Haider Dalim, head of corporate communications, at bKash:
bKash is a payment platform that operates following the principles and regulations of Bangladesh Bank. It adheres to the policies and guidelines set by Bangladesh Bank. Various businesses and service providers use bKash's payment platform for transactions. Regarding the mentioned quiz platforms, it has been clarified that clicking on the quizzes from the bKash app's screen directly leads customers to the respective service provider's app or website. If a customer wishes to subscribe to any service, they need to subscribe directly through the website or app of the respective service provider. If a subscription is set to auto-renew, it is explicitly mentioned on the first screen. After a customer subscribes, and if they later wish to unsubscribe, information about this option is also provided by the respective service provider's app or website. Customers can find detailed instructions on unsubscribing either by checking the app/webpage or by contacting customer service. Upon seeing this, customers can either unsubscribe themselves or request assistance from customer service.

The information regarding how to unsubscribe from the 'Shara' app is mentioned along with the statement from bKash. Additionally, the process of adding the 'Unsubscribe' option to the Jeeto app is also addressed by the bKash authorities, as written previously.

I would like to conclude based on the statement of bKash authorities. It has been rightly said in this statement that BikashMFS is providing service by following the policy of Bangladesh Bank. What I mean is, there should be a clear and enforceable policy on what type of financial transaction agreement an MFS institution will enter into with any institution. In particular, to add a payment link of an MFS organization to an app, it must first be confirmed who the app developer is, where their address is, how secure the app is and whether they have an account in any bank in Bangladesh, and Bangladesh Bank must have a system of close monitoring of daily transactions. This will reduce the risk of common users being defrauded, ensuring greater accountability for MFS organizations because if digital banking licensed institutions start operations, this kind of financial fraud through apps may increase. For this reason, Bangladesh Bank has to ensure strict policies and surveillance regarding transactions through the app right now.

If you look at 'Jeeto' and 'Shera' apps, then you will also be sure, the main aim of such deceptive-faced apps is to grab user's money from the first time subscription. Because it is sure, no one will subscribe to this app for the second time. Sufficient doubts remain about the security measures of such apps even though they are still available on Google Play Store and can be downloaded as usual. Let there be a proper investigation into these apps. Weaknesses and areas of exploitation should be identified, and in the case of any app associated with an MFIS (Mobile Financial Service) entity, stricter conditions should be imposed.

We can say, users need to be aware. How can fraud be prevented without awareness? User awareness is essential; but it's essential to remember that those who engage in exploitation using apps are often very clever and technologically savvy. Therefore, relying solely on the awareness of regular customers may not be sufficient. The responsible authorities should take the initiative to protect users from fraud by ensuring adequate capability and diligence, not just relying on the awareness of ordinary users.

Author: Journalist and Information Technology Analyst.