Kathmandu, November 10

Local banks want to assure their clients that they need not worry about the recent ATM fraud incidents reported in the Kathmandu Valley as the cases concern account holders and card holders of foreign banks.

All the cards seized from the Bulgarian, Romanian and Turkish criminals arrested here do not match the data of Nepali citizens. Criminals may have stolen data of accountholders from foreign banks and came to Nepal to withdraw money from ATMs and make transactions from the point of sale (POS) in the country, say officials.

As per the prevailing rules in card payment industry, the issuer is responsible for transactions made on cards that they have issued, and will be responsible for withdrawl of funds from the relevant cardholder’s account, according to Jyoti Prakash Pandey, CEO of Nepal Investment Bank Ltd (NIBL).

This means that there is no financial liability to Nepali banks in such ATM fraud cases because the hacked data as well as the drawn amount was in the holding of the foreign banks.

Bank officials also say that it is wrong to assume the fraud cases occurred due to delay in compliance by concerned authorities.

“The technology adopted here is at par to that in most developed countries and we have fully complied with the Payment Card Industry Data Security Standards,” said Bijendra Suwal, deputy general manager of IT, Cards, Remittances and Product Development at NIBL.

Local banks have already started issuing chip-based EMV cards by replacing magnetic stripe cards and are upgrading the ATMs to be fully chip compliant. However, majority of ATMs are not chip complaint yet. Visa and MasterCard interchanges have given banks and financial institutions a mandate of October 2017 to upgrade all of their ATMs to chip readable machines and banks have said they are moving towards making all of their ATMs chip compliant.

“Even as many developed nations are yet to adopt EMV cards, we have already started the process here,” said Suwal.

The investigation of ATM fraud started on October 8 based on information provided by NIBL after one Australian national complained about unauthorised transactions on his card while he was trekking in Lukla.  Before the trekking, he had last withdrawn money from the ATM of NIBL located in Thamel.

On the basis of the CCTV footage, NIBL informed the Central Investigation Bureau (CIB) of Nepal Police and the bank promptly alerted all other banks (members of Visa and MasterCard).

In the subsequent days, the police were able to nab a number of foreign criminals involved in the ATM fraud and managed to seize hundreds of skimmed cards and advanced devices that may have been used to skim data.

While banks assure that the PIN (personal identification number) and other data of clients of local banks have not been compromised, customers have been advised to adopt some precautionary measures like subscribe to SMS alerts and e-mail alerts and change PIN.

Till date, banks report of having received two cases of possible data breach of Nepali cardholders and the cases are being investigated.

For the moment, Suwal from NIBL has urged clients to promptly ask the bank to block the card if fraud transaction is suspected. NIBL and other Visa and MasterCard member banks have already initiated some precautionary measures since a few weeks back like CCTV monitoring and keeping recordings for at least three months, 24-hour call centre to receive complaints, off-us card withdrawal monitoring, and arrangement of security in the ATMs particularly in the areas of retail markets where daily utility materials are sold.

Similarly, banks have also started physical verification of ATMs every day during cash replenishment because criminals might install hidden camera, additional slot to skim card data, false keypad and other devices and have also urged the card users to check the ATMs properly before using their cards and urged clients not to take help from strangers while using the ATMs.