Shree Paudel

Recent ATM heist in Kathmandu

Nepal Police have become success to arrest the some Chinese national, a French national of Chinese origin and three Nepalese in connection with the country’s biggest cyber heist in the banking sector to steal millions of rupees from ATMs  on September 2  2019.

Nepal Electronic Payment Systems (NEPS), an interface that allows the transaction of money deposited in a bank by using cards issued by other member banks. NEPS has incorporated 11 commercial banks and 7 development banks.

The Chinese hackers had targeted the NEPS for stealing the money from various ATMs. They were using clones  Magnetics debit cards to breach the system to withdraw cash from ATMs.

Up-to-Now, With the recent findings, Malware was set up between NEPS and Visa-  “A proxy switch was created and all the fake payment approvals passed by the proxy switching system”.

The hackers used electronic cards of six banks (NIC Asia, Siddhartha, Janata, Global IME, Prabhu and Sunrise) used them at ATMs of three banks (Nabil, Nepal Investment and Nepal SBI) to illegally withdraw the money from Nepal.

Total of Rs 34.5 million withdrawn illegally including INR 10.5 Million from India. The hackers used debit cards 700 times to withdraw money from ATMs compromising NEPS.

Though some Chinese nationals arrested for using clones debit cards to breach the bank’s system to withdraw cash from ATMs. Police arrested them from Maya Manor Boutique Hotel in Hattisar; confiscated Rs. 12.60 million, $10,000 along with 132 forged VISA debit cards, 17 authentic VISA cards a data card with six mobile and laptop.  But still two of them are out of control.

Moreover, NEPS, Police department, NRB and other forensic experts hired from Singapore working together to find the details of hacking.

Central Bank Reaction

The central bank assured the public that the money stolen by backers did not belong to any customers.

NRB three-point directives 

With the recent ATM heist,  Our NRB (Central Bank of Nepal) issued three-point directives  to bank and financial institutions (BFIs). To address and manage internal and external associated risks in use of information technology (IT). The directive is for strengthening technical capacities, proactive measures and CAPEX for the ease and smooth operation in secure environment.

NEPS Reaction

Prabin Prakash Chhetri, CEO of NEPS, said  that the hackers had used fake magnetic stripe cards to withdraw the money in the name of Nepali customers.

“The forensic report will reveal where the fault lies weather in Switch, CBS, and ATMs, he added.

In the meantime, NEPS requested customers of the bank to use their own issuer bank’s ATM/POS machines for a few days. There is no Inter-banking transactions facilities for now.

furthermore, This scam reminds me the  Cosmos Bank hacking in Pune, India.

Finally, this incident has brought to the severe concerns related to the security of Nepal’s banking system.

Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!