The central bank is mulling to introduce stricter cybersecurity policy as the Saturday’s hacking on various ATMs in Kathmandu have exposed significant security vulnerabilities in the Nepali banking system.
The central bank is amending its cyber security directive making banks and financial institutions (BFIs) adopt sophisticated technology to prevent the sporadic cyber and malware attacks in the banking system. Some Chinese nationals stole millions from ATMs of different banks few days ago also due to poor IT security among BFIs to cope with cyber and malware attacks, which is not the first time in Nepal.
The central bank will introduce a few provisions for BFIs related to cyber security as soon as the investigation on Saturday’s banking heist concludes, the central bank said, adding that the BFIs should be aware of such cyber attacks and adopt sophisticated technologies.
The central bank has also formed a probe committee led by head of Department of Payment System at the Nepal Rastra Bank (NRB) Bam Bahadur Mishra to investigate the ATM Freud. “The committee will prepare its preliminary report by midnight today and submit it to the central bank by tomorrow,” he said, adding that the Chinese hackers have withdrawn substantial amount of money from those ATM boths. The central bank has, however, earlier said that the the BFIs have notified the regulator that the hackers have withdrawn Rs 16.87 million in Nepali currency from ATM cards of different banks and Rs 10.5 million Indian Currency (IC) from ATM booths in India through the use of Nepali ATM cards.
The Nepali ATM cards are used in India also.
The Police claimed that it has recovered around Rs 12.63 million from the five Chinese nationals and suspected rest of the cash looted from Nepal have been carried away by absconders.
“But the details of the heist and the amount withdrawn by hackers will be available only after the digital forensic test, which will take more than a week,” Mishra added.
The hackers, according to Police, used electronic cards of at least six banks – NIC Asia, Siddhartha, Janata, Global IME, Prabhu and Sunrise – and used them at ATMs of three banks – Nabil, Nepal Investment and Nepal SBI – to illegally withdraw the money frpm ATM booths as the BFIs failed to conduct periodic security audits, comply with the latest technology and invest adequately in digital security.
Police has arrested a Chinese citizen Zhu Lianang on Saturday night from a Nabil Bank ATM booth in Durbar Marg, while attempting to withdraw cash. Zhu named four other Chinese nationals, who were involved in stealing cash from ATMs by using cloned debit cards to breach processing systems.
Although the central bank has made it mandatory for banks to conduct information security audits, many banks have not been allocating an adequate budget for a proper audit.
Despite banks making record profits year after year, the BFIs are blamed for not investment in digital security. In the last fiscal year, commercial banks made a net profit of over Rs 60 billion, with almost all of them posting net profits of more than Rs 1 billion each, according to the central bank.
Although most banks have transitioned to debit and credit cards with microchips, there are still a few banks that still use magnetic strips in their cards, which poses a vulnerability. Banks fail to follow security protocols for Swift and governance risk compliance systems for the Nepal Electronic Payment Systems (NEPS) – a local interface that allows transactions of money deposited in one bank using cards issued by other member banks – which should also have management oversight and an independent audit system.
Nepali BFIs currently use different types of software including Finacle, Temenos T24 and different editions of Pumori Plus.
The central bank is amending its cyber security directive making banks and financial institutions (BFIs) adopt sophisticated technology to prevent the sporadic cyber and malware attacks in the banking system. Some Chinese nationals stole millions from ATMs of different banks few days ago also due to poor IT security among BFIs to cope with cyber and malware attacks, which is not the first time in Nepal.
The central bank will introduce a few provisions for BFIs related to cyber security as soon as the investigation on Saturday’s banking heist concludes, the central bank said, adding that the BFIs should be aware of such cyber attacks and adopt sophisticated technologies.
The central bank has also formed a probe committee led by head of Department of Payment System at the Nepal Rastra Bank (NRB) Bam Bahadur Mishra to investigate the ATM Freud. “The committee will prepare its preliminary report by midnight today and submit it to the central bank by tomorrow,” he said, adding that the Chinese hackers have withdrawn substantial amount of money from those ATM boths. The central bank has, however, earlier said that the the BFIs have notified the regulator that the hackers have withdrawn Rs 16.87 million in Nepali currency from ATM cards of different banks and Rs 10.5 million Indian Currency (IC) from ATM booths in India through the use of Nepali ATM cards.
The Nepali ATM cards are used in India also.
The Police claimed that it has recovered around Rs 12.63 million from the five Chinese nationals and suspected rest of the cash looted from Nepal have been carried away by absconders.
“But the details of the heist and the amount withdrawn by hackers will be available only after the digital forensic test, which will take more than a week,” Mishra added.
The hackers, according to Police, used electronic cards of at least six banks – NIC Asia, Siddhartha, Janata, Global IME, Prabhu and Sunrise – and used them at ATMs of three banks – Nabil, Nepal Investment and Nepal SBI – to illegally withdraw the money frpm ATM booths as the BFIs failed to conduct periodic security audits, comply with the latest technology and invest adequately in digital security.
Police has arrested a Chinese citizen Zhu Lianang on Saturday night from a Nabil Bank ATM booth in Durbar Marg, while attempting to withdraw cash. Zhu named four other Chinese nationals, who were involved in stealing cash from ATMs by using cloned debit cards to breach processing systems.
Although the central bank has made it mandatory for banks to conduct information security audits, many banks have not been allocating an adequate budget for a proper audit.
Despite banks making record profits year after year, the BFIs are blamed for not investment in digital security. In the last fiscal year, commercial banks made a net profit of over Rs 60 billion, with almost all of them posting net profits of more than Rs 1 billion each, according to the central bank.
Although most banks have transitioned to debit and credit cards with microchips, there are still a few banks that still use magnetic strips in their cards, which poses a vulnerability. Banks fail to follow security protocols for Swift and governance risk compliance systems for the Nepal Electronic Payment Systems (NEPS) – a local interface that allows transactions of money deposited in one bank using cards issued by other member banks – which should also have management oversight and an independent audit system.
Nepali BFIs currently use different types of software including Finacle, Temenos T24 and different editions of Pumori Plus.
No comments:
Post a Comment