The service provider interface that allows the transaction of money deposited in a bank by using cards issued by other member banks, Nepal Electronic Payment System (NEPS) has halted inter-banking transaction through ATMs within its network after the hacking by Chinese nationals that caused many banks to limit cross banking transactions.
The central bank also confirmed that the NEPS has temporarily stopped the service of cross banking transactions via ATM cards due to the undergoing investigation. NEPS – a common e-payment switching platform of 18 BFIs – has also urged ATM card users within its network to use ATM cards only at their respective banks’ ATM. Likewise, the company – that has been handling electronic payment systems of 11 commercial banks including Prabhu Bank, Machhapuchchhre Bank, Siddhartha Bank, NIC Asia Bank, Prime Bank, Global IME Bank, Sunrise Bank, Janata Bank, Citizens Bank, Bank of Kathmandu, Nepal Bangladesh Bank, and seven development banks including Deva Bikas Bank, Om Development Bank, Sangrila Development Bank, Lumbini Development Bank, Jyoti Bikas Bank, Shine Resunga Development Bank and Excel Development Bank – has also clarified that Saturday’s banking heist has not affected deposits of any customer in any of its member banks.
Likewise, NEPS receives e-payment service from Sunrise Bank and offers service to Sunrise Bank, Machhapuchchhre Bank, Janata Bank, Siddhartha Bank, Citizens Bank, NIC Asia Bank, Bank of Kathmandu, Prime Bank and Nepal Bangladesh Bank.
According to the central bank, two companies – Smart Choice Technologies (SCT) and Nepal Electronic Payment System (NEPS) – have been handling electronic payment systems of a majority of commercial banks in Nepal.
While SCT receives e-payment service from Himalayan Bank, it is offering payment services to Agricultural Development Bank, Civil Bank, Everest Bank, Himalayan Bank, Laxmi Bank, Mega Bank, Nabil Bank and NMB Bank. Global IME Bank and Prabhu Bank use both SCT and NEPS for e-payment services.
Similarly, Nepal Investment Bank provides e-payment service to Nepal Bank, Nepal SBI Bank, Kumari Bank, Century Bank, Sanima Bank, Rastriya Banijya Bank and NCC Bank. Standard Chartered Bank has its own electronic payment systems. Also, five banks – Nepal Investment, Nabil, Himalayan, Standard Chartered and Sunrise – are principal members of Visa.
The Chinese hackers – on Saturday afternoon – tried to steal millions of rupees from several ATMs in Kathmandu using malware attacks. During the malware attack, a proxy switch was created and all the fake payment approvals were passed by the proxy switching system. The hackers used electronic cards of at least six banks – NIC Asia, Siddhartha, Janata, Global IME, Prabhu and Sunrise – and used them at ATMs of three banks – Nabil, Nepal Investment and Nepal SBI – to illegally withdraw the money.
The Chinese hackers had used fake cards to spoof the link of NEPS with the software used by Visa card and software with banks. The cloned card had verified all the details of the bank’s customers on its own and allowed the hackers steal money from the vending machines.
Though, the police have nabbed six Chinese nationals and four Nepalis and recovered approximately Rs 12.63 million, the banks, payment switching provider and the police are yet to determine the exact amount they stole from the ATMs.
The NEPS chief executive officer Prabin Prakash Chhetri said that the hackers had used fake magnetic stripe cards to withdraw the money in the name of Nepali customers. But the money parked by the customers is not affected.
Banks are using both chip-based Europay, MasterCard and Visa (EMV) cards and also magnetic stripe cards for electronic transactions as the ATM machines accept both types of cards, though central bank has been asking the BFIs to change into chip-based cards. Most of the BFIs have also started using the chip-based cards, though the technology is in transition, of which the Chinese hackers took advantage.
Chhetri, however, said that NEPS has hired a forensic expert from Singapore for further investigation. A digital forensic analyst is an expert who explores the causes behind high level cyber crimes. The forensic expert will analyse digital footprints left by the hackers by assessing the server details, user id platform and browser history, among others to collect evidence of possible loopholes.
The central bank also confirmed that the NEPS has temporarily stopped the service of cross banking transactions via ATM cards due to the undergoing investigation. NEPS – a common e-payment switching platform of 18 BFIs – has also urged ATM card users within its network to use ATM cards only at their respective banks’ ATM. Likewise, the company – that has been handling electronic payment systems of 11 commercial banks including Prabhu Bank, Machhapuchchhre Bank, Siddhartha Bank, NIC Asia Bank, Prime Bank, Global IME Bank, Sunrise Bank, Janata Bank, Citizens Bank, Bank of Kathmandu, Nepal Bangladesh Bank, and seven development banks including Deva Bikas Bank, Om Development Bank, Sangrila Development Bank, Lumbini Development Bank, Jyoti Bikas Bank, Shine Resunga Development Bank and Excel Development Bank – has also clarified that Saturday’s banking heist has not affected deposits of any customer in any of its member banks.
Likewise, NEPS receives e-payment service from Sunrise Bank and offers service to Sunrise Bank, Machhapuchchhre Bank, Janata Bank, Siddhartha Bank, Citizens Bank, NIC Asia Bank, Bank of Kathmandu, Prime Bank and Nepal Bangladesh Bank.
According to the central bank, two companies – Smart Choice Technologies (SCT) and Nepal Electronic Payment System (NEPS) – have been handling electronic payment systems of a majority of commercial banks in Nepal.
While SCT receives e-payment service from Himalayan Bank, it is offering payment services to Agricultural Development Bank, Civil Bank, Everest Bank, Himalayan Bank, Laxmi Bank, Mega Bank, Nabil Bank and NMB Bank. Global IME Bank and Prabhu Bank use both SCT and NEPS for e-payment services.
Similarly, Nepal Investment Bank provides e-payment service to Nepal Bank, Nepal SBI Bank, Kumari Bank, Century Bank, Sanima Bank, Rastriya Banijya Bank and NCC Bank. Standard Chartered Bank has its own electronic payment systems. Also, five banks – Nepal Investment, Nabil, Himalayan, Standard Chartered and Sunrise – are principal members of Visa.
The Chinese hackers – on Saturday afternoon – tried to steal millions of rupees from several ATMs in Kathmandu using malware attacks. During the malware attack, a proxy switch was created and all the fake payment approvals were passed by the proxy switching system. The hackers used electronic cards of at least six banks – NIC Asia, Siddhartha, Janata, Global IME, Prabhu and Sunrise – and used them at ATMs of three banks – Nabil, Nepal Investment and Nepal SBI – to illegally withdraw the money.
The Chinese hackers had used fake cards to spoof the link of NEPS with the software used by Visa card and software with banks. The cloned card had verified all the details of the bank’s customers on its own and allowed the hackers steal money from the vending machines.
Though, the police have nabbed six Chinese nationals and four Nepalis and recovered approximately Rs 12.63 million, the banks, payment switching provider and the police are yet to determine the exact amount they stole from the ATMs.
The NEPS chief executive officer Prabin Prakash Chhetri said that the hackers had used fake magnetic stripe cards to withdraw the money in the name of Nepali customers. But the money parked by the customers is not affected.
Banks are using both chip-based Europay, MasterCard and Visa (EMV) cards and also magnetic stripe cards for electronic transactions as the ATM machines accept both types of cards, though central bank has been asking the BFIs to change into chip-based cards. Most of the BFIs have also started using the chip-based cards, though the technology is in transition, of which the Chinese hackers took advantage.
Chhetri, however, said that NEPS has hired a forensic expert from Singapore for further investigation. A digital forensic analyst is an expert who explores the causes behind high level cyber crimes. The forensic expert will analyse digital footprints left by the hackers by assessing the server details, user id platform and browser history, among others to collect evidence of possible loopholes.
No comments:
Post a Comment