Kathmandu, September 3

With the country’s biggest heist in banking sector committed by Chinese nationals who stole millions of rupees from ATMs of different banks a few days ago, Nepal Rastra Bank (NRB) has said it will introduce stricter provisions on cybersecurity.

For this, the central bank is preparing to amend its cyber security directive making banks and financial institutions (BFIs) adopt sophisticated technology to prevent the sporadic cyber and malware attacks in the banking system.

“The recent heist in banking sector has reflected how poor the IT security among BFIs is to cope with such cyber and malware attacks,” said Bam Bahadur Mishra, head of Department of Payment System at NRB, adding the central bank will introduce a few provisions for BFIs related to cyber security as soon as the investigation on Saturday’s banking heist concludes.

As per him, BFIs should be aware of such cyber attacks and adopt sophisticated

technologies.

Mishra, who is also the coordinator of the probe committee formed by the central bank to investigate the recent banking heist, said that the committee will prepare its preliminary report by midnight today and submit it to the central bank by Wednesday noon.

Though Mishra hesitated to reveal preliminary findings of the report, he mentioned that there were some genuine withdrawals of money from those ATM stations used by Chinese hackers and that the total amount to have been withdrawn by hackers might not be as claimed by BFIs and Visa. Based on data provided by BFIs, the central bank had earlier said that Chinese scammers are likely to have withdrawn Rs 16.87 million in Nepali currency from ATM cards of different banks and INR 10.5 million from ATM booths based in India through the use of Nepali ATM cards.

Police have so far recovered around Rs 12.63 million from the five Chinese nationals and rest of the cash looted from Nepal is suspected to have been carried away by absconders. However, the details of the heist and the amount withdrawn by scammers will be available only after the digital forensic test, which NRB has said will take more than a week.

The hackers, according to police, used electronic cards of at least six banks — NIC Asia, Siddhartha, Janata, Global IME, Prabhu and Sunrise — and used them at ATMs of three banks — Nabil, Nepal Investment and Nepal SBI — to illegally withdraw the money in Nepal.