10th October 2025, Kathmandu
The public notice issued by Rastriya Banijya Bank on October 10, 2025, serves as a crucial warning to its customers regarding the escalating threat of financial scams, particularly those involving impersonation and phishing.
This advisory highlights the bank’s commitment to customer safety and provides essential clarity on the difference between legitimate and fraudulent communication.
In-Depth Analysis of the RBB Security Alert
The core message of the Rastriya Banijya Bank’s (RBB) alert is a definitive clarification on its policy regarding the collection of confidential customer data. This is the single most important defense against the most common types of financial fraud.
Key Takeaway: The Official Communication Protocol
RBB explicitly states that no bank employee or authorized representative will ever request confidential information through unsolicited communication channels like phone calls, emails, or social media messages. This is the fundamental rule every customer must internalize.
| Type of Information NEVER Requested by RBB Staff | Fraudulent Tactic Used by Scammers |
| --- | --- |
| ATM or debit card PIN numbers | Claiming the card is blocked or needs immediate ‘activation.’ |
| OTP (One-Time Passwords) | Claiming an account transaction is pending and needs verification via OTP. |
| Mobile banking or e-banking credentials | Claiming the account has a security issue or needs an urgent ‘software update.’ |
| Email passwords or personal security codes | Offering fake prize claims or financial schemes that require ‘registration.’ |
Context of Growing Financial Scams in Nepal
The RBB warning is timely, given the rising tide of digital and social engineering scams prevalent in Nepal, as identified by security reports and other financial institutions. The fraudulent tactics described in the bank’s warning directly reflect common threats:
Common Scams Targeting Bank Customers
- Phishing and OTP Scams (Impersonation): This is the exact threat RBB is cautioning against. Fraudsters masquerade as bank staff to steal sensitive credentials, typically by creating a sense of urgency or claiming a problem with the victim’s account that only they can “fix” by obtaining an OTP or password.
- Investment Scams: Scammers lure victims with promises of exceptionally high, quick returns through fake platforms (often promoted via social media or messaging apps like Telegram/WhatsApp), which disappear once the money is transferred. These fake schemes are often designed to target a broad range of middle-class victims with seemingly legitimate small to moderate investment amounts (e.g., Rs. 15,000 to Rs. 100,000 in Nepal, as per recent reports).
- Lottery and Gift Scams: Victims are notified of a prize or lottery win but are required to pay an “advance fee” or “tax/processing charge” before the nonexistent prize can be released. The request for an upfront payment for a benefit is a classic red flag.
- Romance and Social Engineering Scams: Fraudsters build trust with victims online, often targeting individuals with emotional pleas, requesting money for a sudden family emergency, or threatening sextortion. The scammers exploit the emotional connection to facilitate unauthorized money transfers.
These examples underscore why RBB’s alert emphasizes skepticism towards unsolicited offers of financial benefits or urgent requests for help.
Rastriya Banijya Bank’s Digital Security Features
The bank mentions that it has strengthened its digital infrastructure with multi-factor authentication and encryption. This robust approach is in line with the Nepal Rastra Bank (NRB) guidelines, which mandate that banks must implement strong defense mechanisms against cyber threats.
The security measures RBB employs for its digital platforms, such as RBB Digital Sansar (Mobile Banking) and its Internet Banking service, include:
| Security Feature | Description & Customer Protection |
| --- | --- |
| SSL/HTTPS Encryption | The bank’s online banking website address begins with https:, and its services use Secure Socket Layer (SSL) encryption (often 128-bit) to transform sensitive data into unrecognizable characters during transmission. This ensures privacy between the customer’s browser and the bank’s server. |
| Virtual Keyboard | Available on the Internet Banking login panel, this feature protects customers against malicious key logger programs that might be installed on their device, especially when logging in from a public computer. |
| MPIN & Login Password | The mobile banking app, RBB Digital Sansar, employs a two-tier security approach: a Login Password for app access and an MPIN (Mobile Personal Identification Number) for executing financial transactions (like fund transfers and payments). Customers are responsible for the secrecy of both. |
| Device/SIM-Bound Security | For SMS mode mobile banking, the service is often limited to the registered SIM card. For GPRS (internet) mode, the app requires a device reset if used on a new phone, preventing account takeover attempts through unauthorized device changes. |
| Regulatory Compliance | RBB adheres to NRB guidelines that mandate measures like phishing attack detection/mitigation, data encryption, and robust internal controls (e.g., segregation of duties and change management) to maintain a secure operating environment. |
Actionable Steps for Customer Safety
The bank’s alert advises customers to adopt safe banking habits. To ensure maximum protection, customers should follow a comprehensive security checklist:
1. Verify Official Communication Channels
- RBB’s Official Domain: Only use the bank’s official website: www.rbb.com.np. Always type the URL directly into the browser or use verified links from the official page. Check for HTTPS and the padlock icon.
- Report Suspicion: Immediately contact RBB through their verified support helpline or visit the nearest branch if you receive a suspicious call, message, or email. The bank is actively collaborating with law enforcement to combat these crimes.
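The domain check in step 1, written out as an added example (it is not code from the bank or from the original notice): a Python function that accepts a link only when it uses HTTPS and its host is exactly www.rbb.com.np. The `.example` hosts in the sample list are constructed placeholders, and the exact-match rule is an assumption based on the single domain the advisory names.

```python
from urllib.parse import urlsplit

OFFICIAL_HOST = "www.rbb.com.np"  # official site named in the advisory


def check_link(url: str) -> tuple[bool, str]:
    """Return (is_official, reason) for a link received in a message."""
    url = url.strip()
    # Browsers and libraries disagree on backslashes and embedded
    # whitespace, so treat them as suspicious rather than guess.
    if any(c in url for c in "\\ \t\r\n"):
        return False, "unusual characters in URL"
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username is not None or parts.password is not None:
        # Everything before '@' is login data, not the site being visited.
        return False, "text before '@' hides the real host"
    if not host:
        return False, "no host"
    host = host.rstrip(".")
    if not host.isascii() or "xn--" in host:
        return False, "internationalised look-alike host"
    if host != OFFICIAL_HOST:
        # Exact match only: a longer host that merely starts with the
        # official name belongs to whoever owns its rightmost labels.
        return False, f"host is {host}, not {OFFICIAL_HOST}"
    if port not in (None, 443):
        return False, "non-standard port"
    return True, "official host over HTTPS"


# Constructed sample links for illustration.
SAMPLES = [
    "https://www.rbb.com.np/",
    "http://www.rbb.com.np/",
    "https://www.rbb.com.np.secure-login.example/otp",
    "https://www.rbb.com.np@login.example/",
    "www.rbb.com.np/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```

The padlock icon only shows that the connection is encrypted; a look-alike site can display one too, which is why the host comparison carries the weight here.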
2. Protect Confidential Information
- Never Share Secrets: Absolutely never disclose your OTP, PIN, password, or e-banking credentials to anyone, even if they claim to be a bank official, police officer, or a friend in need (in the case of impersonation scams). A genuine RBB employee will never ask for this information.
- Strong Passwords: Use unique passwords that are at least 8 characters long and contain a mix of capital letters, numbers, and special characters. Change them regularly.
- Enable 2FA: Enable two-factor authentication (2FA) wherever possible for your banking and email accounts to add an extra layer of defense.
3. Safe Digital Practices
- Avoid Public Wi-Fi: Refrain from performing sensitive banking transactions (like fund transfers) while connected to unsecured or public Wi-Fi networks.
- Monitor Accounts: Regularly check your account statements and transaction history for any unauthorized activity. Set transaction limits where possible to mitigate potential losses.
- Download from Official Stores: Only download the RBB Digital Sansar mobile app from the official Apple App Store or Google Play Store.
By maintaining constant vigilance and strictly adhering to the “do not share confidential information” rule, customers can effectively become the first and strongest line of defense against financial fraud, supporting RBB’s ongoing commitment to a safer digital banking environment in Nepal.