NCHL Urges Digital Users to Stay Alert: Never Share Your OTP, PIN, or Login Credentials
13th November 2025, Kathmandu
Nepal Clearing House Limited (NCHL) has issued a critical and timely reminder to all digital banking users: “Sharing is caring, but not everything is meant to be shared, especially your OTP, PIN, or login credentials.”
NCHL Urges to Stay Alert
This straightforward yet powerful message underscores the rising urgency for cybersecurity awareness in Nepal’s rapidly expanding digital economy. As platforms like ConnectIPS, NCHL-ECC, and National Payment Interface (NPI) become central to the lives of millions, the onus is increasingly falling on individual users to act as the first line of defense against cyber threats.
The digital transformation driven by NCHL has brought unprecedented convenience, allowing for seamless fund transfers, utility payments, and real-time banking. However, this growth has also unfortunately created a fertile ground for sophisticated online fraud and phishing attempts. The core of NCHL’s campaign is to instill the non-negotiable principle of protecting one’s unique digital keys: the One-Time Password (OTP), the Personal Identification Number (PIN), and all login credentials. These are the exclusive authenticators of your financial identity and must be treated as strictly private information that should never be revealed under any circumstances.
The Critical Role of OTP, PIN, and Credentials in Digital Security
In the modern digital payment ecosystem, OTPs, PINs, and passwords serve as the layers of a financial fortress. The reason NCHL’s message is so vital lies in understanding the function of each element:
One-Time Password (OTP): This is a unique, automatically generated numeric or alphanumeric string used for single-transaction authentication. Its ephemeral nature is what makes it secure; it verifies that the person initiating the transaction is in possession of the registered mobile device or email. If a scammer has your OTP, they have been granted the final key to complete an unauthorized transaction. This is the ultimate red flag in any communication.
Personal Identification Number (PIN): Used primarily with physical debit or credit cards at ATMs and POS terminals, the PIN is the long-term, secret code that authorizes physical transactions. Sharing a PIN is equivalent to giving away your wallet, granting unfettered access to your funds. The rise of vishing (voice phishing) scams often targets this exact information.
Login Credentials (Username/Password): These are the primary keys to your online banking, mobile banking, or ConnectIPS account. Unlike a transient OTP, compromised credentials grant the fraudster continuous, unauthorized access to your entire account, enabling them to change settings, view statements, and execute multiple fraudulent transactions over time.
NCHL, as the nation’s premier payment system operator, emphasizes that no legitimate representative—be it from NCHL itself, your bank, a payment company, or even a government agency—will ever call, email, or message you to ask for this confidential information. Any request for your OTP, PIN, or password is a definitive sign of an attempted scam.
Identifying and Defeating Common Cyber Scams in Nepal
The vigilance NCHL calls for is necessary because cybercriminals employ several cunning tactics to trick users out of their confidential data. Being able to recognize these common scams is the most effective way to stay safe:
Phishing and Vishing Attacks: Phishing often uses fraudulent emails or websites that perfectly mimic trusted financial institutions to trick you into entering your login details. Vishing involves fake phone calls where the fraudster impersonates a bank official, creating a false sense of urgency or claiming a security issue to emotionally manipulate you into disclosing your OTP or PIN over the phone. Remember, no emergency justifies sharing your secret codes.
Advertisement
Fake Lottery or Prize Scams: Users receive messages claiming they have won a substantial amount, but to process the ‘prize,’ they must first pay a small ‘fee’ or ‘tax’ by sharing their banking details or OTP. If an offer seems too good to be true, it is, almost without exception, a scam. Genuine financial institutions do not operate through unsolicited lottery messages.
Fraudulent Websites and Social Media Pages: Scammers create replica websites or social media accounts for banks and payment systems. These are designed to capture your login information when you try to use them. Always check the URL in your browser to ensure you are on the official, secure website with the correct address and HTTPS protocol.
The Pillars of Staying Safe: NCHL’s Essential Cybersecurity Practices
NCHL’s campaign is not just about warnings; it’s about providing actionable security habits. Adopting these practices transforms a passive user into an active cyber defender:
Non-Sharing Policy: Make it a personal, unbreakable rule: never share your PIN, OTP, or password with anyone.
Digital Hygiene: Regularly update all banking apps and operating system software. Updates often contain critical security patches that close vulnerabilities cybercriminals exploit. Additionally, install and maintain reputable antivirus software on your devices.
Password Strength: Abandon weak, easily guessable passwords (like dates of birth or names). Use strong, unique passwords for every account, combining uppercase and lowercase letters, numbers, and symbols. Changing them frequently adds an extra layer of difficulty for potential hackers.
Link Vigilance: Be hyper-cautious of unsolicited links or attachments, even if they appear to come from a known sender. Phishing links can install malware that secretly records your keystrokes and steals your information.
Account Monitoring: Check your account statements and transaction history regularly. Detecting an unauthorized, small transaction early can prevent a much larger loss later on. If you see anything suspicious, immediately report it to your bank.
The Future of Secure Digital Banking
The expansion of digital payment systems in Nepal, spearheaded by institutions like NCHL through products such as ConnectIPS, is a powerful driver of economic progress. However, this convenience is built on a foundation of user trust and security. NCHL’s continuous collaboration with the banking sector and the regulator, Nepal Rastra Bank (NRB), ensures a resilient payment infrastructure.
Ultimately, the power to maintain a safe digital environment rests with every user. The simple choice to “Stay Alert, Stay Safe, Stay Secure” by adhering to NCHL’s non-sharing rule is the most effective defense against the growing wave of cybercrime. By prioritizing the protection of your digital identity, you not only safeguard your own finances but also contribute to the overall trust and security of Nepal’s entire digital banking ecosystem. The lesson is clear: for a vibrant, trustworthy digital economy to thrive, the most confidential piece of information, your authentication code, must remain absolutely secret.
For More: NCHL Urges to Stay Alert
