Wednesday, September 4, 2019, Kathmandu
ATMs ROBBERY GOT CAUGHT IN NEPAL, ALL ABOUT MALWARE’S GAME OR A CHALLENGES TO BANKING SECURITY? Information Technology, for all it has to offer, can sometimes be a challenge. Recently, five Chinese nationals were arrested for using clones debit cards to breach the bank’s system to withdraw cash.
On Saturday night from a Nabil Bank ATM booth in Durbar Marg, Zhu Lianang was arrested while trying to withdraw money. Upon questioning, a Chinese national Zhu, named four other people who were involved with him, Lin Jianmeng, Luo Jialei, Zhu Liangang, Qiu- Yunqing and Chen Bin Bin.
A police force deployed from the Metropolitan Police Range, Kathmandu arrested Zhu as per the report from Nabil Bank staffs when suspicious activities took place. Later, police raided Maya Manor Boutique Hotel in Hattisar and confiscated Rs. 12.60 million and around $10,000 along with 132 forged VISA debit cards,17 authentic VISA cards a data card with six mobile and laptop.
This is an indeed alarming incident that entire banking associations should worried and take preventive mechanism for this. The event raises many questions, few of them is addressed below:
What Hackers did and were planning?
They arrived in Nepal on 30th August and were planning to flee to their home country on 2nd September according to their visa cards. They had electronic cards of at least six banks- NIC Asia, Siddhartha, Janata, Global IME, Prabhu, and Sunrise. The hacker injected malware into Nepal Electronic Payment System, a shared card switching system of 17 banks, to drain the cash from the ATMs. NEPS was established by a group of Nepali banks to process cash withdrawal requests. It carries a message sent by issuers of electronic cards, such as VISA, to member banks, whose tickets are used for cash withdrawals. ATMs emit cash only after member banks approve. In the latest cyber heist, the malware gave ATMs the instruction to issue some money before the request to withdraw some money could reach the member bank.
The malware permitted Chinese hackers to steal the money in the ATMs without debiting bank accounts to depositors. Nepal Bankers’ Association President Gyanendra Prasad Dhungana said. This means the cash was not taken from reports of depositors but the vaults of ATMs.
Prabhu Bank CEO Ashok Sherchan said, “Normally, ATMs get lesser visitors on Saturdays and other public holidays. But two booths of Nabil Bank were emptied in a short duration, which drew the attention of bank staffers, who then informed about the incident to police.
The hackers had planned to flee as soon as they finished collecting money but got caught by the Police. Further investigation on hackers regarding why they choose Nepal. Does that mean Nepal is increasingly becoming a target for hackers? Or Nepal is failing to upgrade digital security measure.
CENTRAL BANK REACTS
We all know that ATM crime and fraud does cost the banking industry a lot. The central bank on Sunday assured the public that the amount of society was safe that the money stolen by backers did not belong to any customers.
Laxmi Prapanna Niroula, Spokesperson for the NRB, said, “The thieves had withdrawn the money that the banks had kept in the cash machines.”
The total stolen amount could be between Rs 30 million to 40 million, according to the central bank. The hackers were found to have used microchips to malfunction the ATM system. “As all these transactions cannot be seen in the core banking system of Nepal, we are yet to get details of this scam,” said Niraula. The central bank said that it had enforced a separate regulation to prevent such incidents.
“We have started an investigation,” added Niraula. “It will take a few some time to ascertain the total amount of money the hackers have managed to steal and other details.
WHY NEPAL?
This isn’t the 1st time that hackers have stolen cash from Nepali ATMs. Such an incident takes place in various countries. This might take place because the bank’s fraud detection mechanism is non- existent. There is not a red alert system when unusual overseas transactions take place at a short period. At the same time, banking security should also work to mitigate such activities.
Such acts of hacker’s ability to get money should be considered as a severe problem. What if they came to Nepal and fled to their country without leaving a trace?
Nepal Electronic Payment System (NEPS), a leading technology solutions provider announces all the banks, customers, to provide proper security of data and cards in coming days. It has also said customers of the bank to use their ATM/POS in a respective machine for a few days. It has assured all the customers that all the money of their accounts are safe.