Editorial: Enhance bank security

That Nepali banks are the target of hackers time and again means security in the banking sector is not up to the mark

The ease with which a team of Chinese nationals stole millions of rupees from several ATMs in Kathmandu last weekend by hacking into the electronic payment system raises serious concerns about the security measures adopted by our banking system. In what is the country’s biggest cyber heist in the banking sector, Nepali banks are said to have lost more than Rs 35 million, of which about Rs 12.63 million has been recovered. Police have arrested six Chinese so far. Two others are still at large. The money was withdrawn between 11 in the morning and 4:30 in the afternoon on Saturday, when the first of the Chinese hackers was arrested red-handed in the act. The Chinese hackers had arrived here on Friday and were scheduled to fly home on Monday. According to Nepal Rastra Bank, the central bank, hackers also withdrew INR 12.4 from various ATMs in India using debit cards issued by Nepali banks.

The Chinese nationals would have made good their escape were it not for an alert staff of Nabil Bank, who noticed that two of its ATMs had run out of cash by Saturday though they had been replenished with Rs 2.5 million each only a day before. Normally Saturdays and public holidays see fewer transactions, leaving plenty of cash in the machines. An equally dutiful police had swung into action to nab the culprits upon being informed by the Nabil Bank staffers. The Chinese nationals had withdrawn money using forged Visa cards of at least six banks and used them in the ATMs owned by Nabil, Nepal Investment and Nepal SBI banks. The miscreants are said to have hacked into the Nepal Electronic Payment System, a shared card switching system of 17 banks, by injecting malware into it to empty the ATMs. The ATMs release cash only after member banks give approval. In the heist on Saturday, the malware apparently gave the ATMs the instruction to release the cash before the request to withdraw cash could reach the member banks.

This is not the first time hackers have succeeded in withdrawing cash from the ATMs in Kathmandu, before being arrested, of course. Nationals from East European countries have been held for hacking bank card PINs to steal money from others’ accounts. A Nepali bank was a victim of money transfers from its accounts worth more than $4 million via fraudulent SWIFT interbank messages. As the probe into the latest cyber heist releases more details, the police will have a lot of catching to do. The Chinese nationals must have many accomplices in the country. And the mastermind behind the operations is said to be operating from outside the country. So he must be located and held. That Nepali banks are the target of hackers time and again means security in the banking sector is not up to the mark. That the Nepal Electronic Payment System could not detect the malware injected into it shows serious lapses. A hacker has only to make one successful operation, and it could drain a bank of millions of rupees besides eroding the depositors’ trust in it. Maybe it is time to question if the guidelines set by the central bank are capable of addressing the challenges regarding cyber attacks in the banking sector.

Take punitive action

Many of the private medical colleges across the country are charging extra fees from MBBS students although the Ministry of Education and Nepal Medical Council (NMC) have told them not to do so and to return the extra fees that they have raised from them. This is a serious violation of the rules introduced by the government. As per the rules, the medical colleges in the Kathmandu Valley can charge no more than Rs 38.5 lakhs per student while the colleges outside the Valley can charge not more than 42 lakhs per student. However, the students complain that they were charged extra fees under different headings, such as annual fee, library fee, transportation fee and field visits.

Meanwhile, a sub-panel of the parliamentary Education and Health Committee submitted its findings to the full committee on Sunday, recommending various measures to control such illicit practices. Earlier, NMC had found that Gandaki Medical College had collected additional fees from its MBBS students. As the parliamentary sub-panel has submitted its report to the full committee, no stone should be left unturned to take punitive action against those medical colleges fleecing the MBBS students. The government should protect the right of the students.