The central bank has urged banks and financial institutions (BFIs) to switch to chip-based cards within three months, and also lowered the withdrawal limits from the ATMs.
Releasing a study report today, the central bank said the recent ATM hacking scam – when the Chinese hackers withdrew millions of rupees from ATM kiosks of different banks and due to lapses in security in the banking system – had occurred through the use of magnetic stripe cards and BFIs should replace the cards with chip-based cards within three months.
Acting on the recommendation of the report, the central bank has also suggested that all devices, such as PSO machines and ATMs, be made chip readable within three months and BFIs and Payment System Operators/Payment Service Providers must have 24/7 security surveillance.
The central bank today has also lowered the withdrawal limit – on the recommendation of the report – from ATMs to Rs 20,000 from Rs 25,000 on a single transaction and to Rs 60,000 from Rs 100,000 in a day.
The central bank has also directed BFIs to conduct vulnerability assessment and penetration testing within six months and to audit their card-related information systems every year BFIs and PSOs/PSPs must also build strong information technology infrastructure and privilege access management system and follow the payment card industry and data security standard in the ATM switch and audit every six months.
Earlier the central bank had formed a taskforce to probe the cyber attack on the banking sector under the coordination of Nepal Rastra Bank’s executive director Bam Bahadur Mishra. The committee reported that the Chinese hackers withdrew Rs 18.9 million from 68 ATMs of 17 banks in Nepal and Rs 35.8 million siphoned off through 132 ATMs of 24 banks in India. “The amount is just a preliminary figure and the exact amount that was withdrawn will be determined only after the central bank receives a report from the forensic expert team from Singapore that has been working on it,” the report reads, indicating that the fraud took place between Visa and Nepal Electronic Payment System’s (NEPS) switching system. The committee has also recommended short-term and long-term measures, apart from asking the central bank to lower the withdrawal limit from ATMs. “The ATM booths should also be insured,” it adds. “The concrete details of the banking fraud will come only after the expert team from Singapore submits the forensic test report. The team has already started its work and will finalise details by next week.”
Releasing a study report today, the central bank said the recent ATM hacking scam – when the Chinese hackers withdrew millions of rupees from ATM kiosks of different banks and due to lapses in security in the banking system – had occurred through the use of magnetic stripe cards and BFIs should replace the cards with chip-based cards within three months.
Acting on the recommendation of the report, the central bank has also suggested that all devices, such as PSO machines and ATMs, be made chip readable within three months and BFIs and Payment System Operators/Payment Service Providers must have 24/7 security surveillance.
The central bank today has also lowered the withdrawal limit – on the recommendation of the report – from ATMs to Rs 20,000 from Rs 25,000 on a single transaction and to Rs 60,000 from Rs 100,000 in a day.
The central bank has also directed BFIs to conduct vulnerability assessment and penetration testing within six months and to audit their card-related information systems every year BFIs and PSOs/PSPs must also build strong information technology infrastructure and privilege access management system and follow the payment card industry and data security standard in the ATM switch and audit every six months.
Earlier the central bank had formed a taskforce to probe the cyber attack on the banking sector under the coordination of Nepal Rastra Bank’s executive director Bam Bahadur Mishra. The committee reported that the Chinese hackers withdrew Rs 18.9 million from 68 ATMs of 17 banks in Nepal and Rs 35.8 million siphoned off through 132 ATMs of 24 banks in India. “The amount is just a preliminary figure and the exact amount that was withdrawn will be determined only after the central bank receives a report from the forensic expert team from Singapore that has been working on it,” the report reads, indicating that the fraud took place between Visa and Nepal Electronic Payment System’s (NEPS) switching system. The committee has also recommended short-term and long-term measures, apart from asking the central bank to lower the withdrawal limit from ATMs. “The ATM booths should also be insured,” it adds. “The concrete details of the banking fraud will come only after the expert team from Singapore submits the forensic test report. The team has already started its work and will finalise details by next week.”
No comments:
Post a Comment