Bank Accused of Intimidating Customer
A major security breach and financial irregularity has been reported involving the unauthorized transfer of Rs. 13 million from a ‘Money Market’ account maintained at the Mount Lavinia branch of Nations Trust Bank (NTB). According to reports by Sri Lanka Mirror, the aggrieved account holder has already lodged a formal complaint with the Criminal Investigation Department (CID) regarding the incident.
Unauthorized Transactions Executed in Under an Hour
The anomalous transactions occurred on the afternoon of March 26th, within a brief window of less than an hour. During this period, the Rs. 13 million was routed via the CEFTS (Common Electronic Fund Transfer Switch) network to accounts held at Dialog Finance and LOLC Finance. This was executed entirely without the account holder’s authorization, knowledge, or prior notification.
The Bank’s Response and Disclaimer of Liability
When Sri Lanka Mirror inquired about the incident, Mr. Laksiri de Silva, the Manager of the NTB Mount Lavinia branch, acknowledged the issue. However, he declined to provide further details, citing banking secrecy regulations that prohibit the disclosure of client information to third parties.
Nevertheless, in its official written response to the customer’s complaint, the bank maintained the following:
- All transactions were executed via the Mobile Banking application using the customer’s correct User ID and Password.
- System logs verify that the transactions originated exclusively from the registered device (Device ID).
Categorically denying any system vulnerability or technical failure on its end, the bank suggested the breach likely resulted from an external party gaining unauthorized access to the customer’s mobile phone (a ‘device takeover’). Consequently, the bank formally notified the customer that it “is not in a position to assume liability” for the financial loss, advising them to pursue the matter through law enforcement authorities.
The Technical Anomaly: Breaching the Rs. 5 Million Limit
Despite the bank’s efforts to disclaim responsibility, a critical technical anomaly regarding transaction limits remains unaddressed. Given that the maximum permissible daily online transfer limit for the account in question was strictly capped at Rs. 5 million, the execution of a Rs. 13 million transfer raises severe regulatory and technical concerns. This unprecedented breach casts significant doubt on the robustness of the bank’s cybersecurity infrastructure and its internal control mechanisms.
Allegations of Intimidation to Suppress Information
Citing reliable sources, Sri Lanka Mirror further reports that the bank has allegedly threatened the account holder, demanding the immediate removal of a social media post detailing the financial loss. It is a matter of grave concern that, rather than initiating a rigorous internal audit into how its own system parameters were bypassed, the financial institution appears to be prioritizing the suppression of the customer’s public grievances.