Recent ATM heist in Kathmandu
Nepal Police have become success to arrest the some Chinese national, a French national of Chinese origin and three Nepalese in connection with the country’s biggest cyber heist in the banking sector to steal millions of rupees from ATMs on September 2 2019.
Nepal Electronic Payment Systems (NEPS), an interface that allows the transaction of money deposited in a bank by using cards issued by other member banks. NEPS has incorporated 11 commercial banks and 7 development banks.
The Chinese hackers had targeted the NEPS for stealing the money from various ATMs. They were using clones Magnetics debit cards to breach the system to withdraw cash from ATMs.
Up-to-Now, With the recent findings, Malware was set up between NEPS and Visa- “A proxy switch was created and all the fake payment approvals passed by the proxy switching system”.
The hackers used electronic cards of six banks (NIC Asia, Siddhartha, Janata, Global IME, Prabhu and Sunrise) used them at ATMs of three banks (Nabil, Nepal Investment and Nepal SBI) to illegally withdraw the money from Nepal.
Total of Rs 34.5 million withdrawn illegally including INR 10.5 Million from India. The hackers used debit cards 700 times to withdraw money from ATMs compromising NEPS.
Though some Chinese nationals arrested for using clones debit cards to breach the bank’s system to withdraw cash from ATMs. Police arrested them from Maya Manor Boutique Hotel in Hattisar; confiscated Rs. 12.60 million, $10,000 along with 132 forged VISA debit cards, 17 authentic VISA cards a data card with six mobile and laptop. But still two of them are out of control.
Moreover, NEPS, Police department, NRB and other forensic experts hired from Singapore working together to find the details of hacking.
Central Bank Reaction
The central bank assured the public that the money stolen by backers did not belong to any customers.
NRB three-point directives
With the recent ATM heist, Our NRB (Central Bank of Nepal) issued three-point directives to bank and financial institutions (BFIs). To address and manage internal and external associated risks in use of information technology (IT). The directive is for strengthening technical capacities, proactive measures and CAPEX for the ease and smooth operation in secure environment.
Prabin Prakash Chhetri, CEO of NEPS, said that the hackers had used fake magnetic stripe cards to withdraw the money in the name of Nepali customers.
“The forensic report will reveal where the fault lies weather in Switch, CBS, and ATMs, he added.
In the meantime, NEPS requested customers of the bank to use their own issuer bank’s ATM/POS machines for a few days. There is no Inter-banking transactions facilities for now.
furthermore, This scam reminds me the Cosmos Bank hacking in Pune, India.
Finally, this incident has brought to the severe concerns related to the security of Nepal’s banking system.
Shree is based in Butwal, Nepal. Shree holds a degree in M.Sc. (IT) and began working at New Horizons, Nepal Center in 2007-2012. After that Shree contributes to various reputed firms in Kathmandu with his years’ of experiences in Teaching, IT administration, Management and Consulting Services especially in Payment/Software industries (IT infrastructures and Security solution). Check about page for details!