Police make public the Chinese men arrested on the charge of ATM jackpotting, Sunday. Photo Courtesy: Nepal Police
KATHMANDU, Sept 2: Saturday night’s ATM jackpotting has exposed the cyber-security vulnerabilities of the Nepali banking sector.
While banking executives say that they have put in place necessary security measures to protect their banks from cyber-attacks, growing cases of card hacking and cash machine thefts have raised concerns over the robustness of the security system of banking institutions in Nepal.
“They have withdrawn money from the ATMs after stealing information from our banks. As the money cannot be withdrawn in foreign currency abroad using Nepali cards, they came to Nepal to withdraw the money,” Anal Raj Bhattarai, a banking expert, told Republica.
“This case has exposed how vulnerable the IT system of our banking sector is. There is a structural weakness in our IT system and as a result, a hacker can easily infiltrate a computer, software or hardware of our banks and steal money,” he said.
According to the Nepal Rastra Bank (NRB), hackers stole Rs 17.6 million from ATMs in Nepal and Rs 10.5 million Indian rupees from Indian ATMs by using Nepali bank cards.
As banks rely on third parties for critical infrastructures and software, minimum security standards are not followed thereby compromising cybersecurity, he said.
“In order to maintain high-level security and preserve valuable and precious data, banks must choose the best IT system and update their system on a regular basis,” he said.
He also said that the government should set up an information technology regulatory body to supervise all technology service providers and IT-related aspects of financial and non-financial institutions and take necessary steps to improve cyber-security.
Some experts say that growing cyber-attack risks also call for increased investments of banks on making its IT secure and robust.
However, NRB officials say that there is no reason for the public to be panicked from the recent attacks.
“These are some of the sporadic attacks these should make us cautious, but not alarmed. Our banking system is secure as banks have put in place various safety measures to respond or deal with cyber attacks,” said Laxmi Prapanna Niroula, the spokesperson of the NRB. “Banks should also increase their surveillance of ATM kiosks and they should report the central bank and law enforcement agencies if they observe any suspicious transactions,” he added.
Meanwhile, the NRB has formed a five-member committee led by Bam Bahadur Mishra, the chief of Payment Systems Department, to investigate into Saturday’s ATM jackpotting. The committee will submit its findings as well as recommendations to combat possible cyber-attacks, by Wednesday, according to Niroula.