New instructions come in the wake of recent ATM heist
KATHMANDU, Sept 11: Nepal Rastra Bank (NRB) has issued a three-point directive to banks and financial institutions (BFIs) for addressing and managing internal and external risks in the use of information technology (IT).
Releasing a circular on Tuesday, the central bank told BFIs to pursue three measures to prevent cyber attacks or other security breaches of their IT systems. The central bank has instructed BFIs to strengthen their technical capacities such as perimeter defense, access control, encryption, antivirus and firewall, update them regularly, and verify the genuineness of the systems they have adopted for payment orders and other service deliveries.
The measures advised by the central bank are aimed at curbing the risks of data loss and theft, and of denial of service caused by cyber attacks, malware, viruses and ransomware, along with other external threats such as spam, phishing and spoofing through websites, mobile applications, official social media networks and IT systems.
Stating that there have been attempts to infiltrate the systems of banks by unauthorized people or from unauthorized places by placing fake orders or correspondence, the central bank has also instructed BFIs to carry out regular monitoring and reporting of their systems and to share information on any incident or attack with the respective agencies.
The central bank also told BFIs to prepare a Preventive, Detective and Responsive IT Security Strategy, to carry out security audits of IT systems regularly in line with international best practices, and to work proactively on raising awareness and developing the capacity of their users and staffers.
The central bank's diktat comes in the wake of the recent ATM heist in Kathmandu. According to preliminary findings of the NRB, a group of hackers stole over Rs 18.9 million by hacking the payment switch of Nepal Electronic Payment System (NEPS) through the use of cloned debit and credit cards of 17 member banks of the NEPS that use the Visa system. Similarly, IRs 1.05 million was stolen in India from six commercial banks of Nepal on the same day, according to the NRB.
Earlier on Tuesday, the NRB summoned CEOs of BFIs to discuss security measures for warding off any cyber attacks or threats to their IT systems. During the meeting, NRB Governor Chiranjibi Nepal also reportedly instructed CEOs to keep vigil over their systems, particularly during the festive season.
As part of security measures, the central bank lowered the maximum limit for cash withdrawal using debit cards last Thursday. The NRB has already told BFIs to lower their withdrawal ceiling to Rs 20,000 per transaction from Rs 25,000. With the new rule in place, a debit cardholder of any BFI will not be allowed to withdraw more than Rs 20,000 from an ATM kiosk in a single transaction. Similarly, the central bank has also slashed the maximum single-day withdrawal limit by Rs 40,000.