Digital banking and cybersecurity landscape in Nepal

Digital banking can be easily understood as the process of delivering banking services online, encompassing both transactional and non-transactional services. This enables end users to access these services without the necessity of physically visiting a bank.

For any service, technology plays a pivotal role. Customers commonly interact with a bank through various official platforms, such as the official website, mobile applications, social media channels, mobile banking services, email, and messaging platforms like Viber or Facebook Messenger.

The public also has the option to experience banking services either through digital channels or by visiting branches, ATMs, or POS terminals. Access to financial services is thriving through digital channels such as the internet and mobile banking, accompanied by diverse payment methods including debit cards, mobile wallets, and QR codes.

Over 72 per cent of Nepalis now own mobile phones, making them a key tool for financial inclusion. This has made it easy for e-wallets to act as a convenient way to make payments without the need for cash or cards. The use of digital channels and payment methods has several benefits for individuals and businesses in Nepal. For individuals, digital banking has made it easier to save money, send and receive money, and access financial services. For businesses, it can improve efficiency, reduce costs, and reach a wider customer base.

The Covid pandemic also significantly contributed to the emergence of digital banking platforms. Many banks launched online account opening and e-KYC filling services during the Covid pandemic.

From 2020 to 2023, Nepal’s e-payment landscape witnessed a dramatic surge in transaction volume, growing by over 300 per cent, while the transaction amount saw a more mixed trend, initially soaring but experiencing a slight dip in the last year. Despite this recent minor decline in value, the sheer volume of transactions underscores the rapid shift towards digital payments in Nepal.

Rise of internet-focused banking

Looking at the volume of e-payment transactions as of mid-October 2023, the top three channels used for transactions are mobile banking, e-wallet and debit cards. These three channels collectively represent 66 per cent of the total number of transactions performed in Nepal.

Mobile banking, debit cards, and e-wallets have transformed Nepal’s financial landscape, enhancing accessibility and efficiency. The widespread adoption of smartphones and the expansion of mobile networks have fueled the popularity of digital banking, offering users features like fund transfers and bill payments. Debit cards, linked to bank accounts, provide a widely accepted cashless transaction method, especially in urban areas, while e-wallets have gained traction for their simplicity and versatility, facilitating digital transactions.

The remarkable surge in the frequency of digital commerce indicates the recent expansion of Nepal’s digital payment system. While there’s a long way to go, the digital transformation of the Nepali payment system highlights the efforts made by all relevant parties, particularly the NRB, governmental organisations, the commercial sector, and the final consumer, the people.

Nepal has wholeheartedly embraced the digital age, evident in the growing adoption of online services, e-commerce, and digital communication. While this digital evolution offers convenience and efficiency, it also exposes new threats. Consequently, safeguarding digital assets has become an integral part of national security.

The challenges of digital banking

One of the common attacks in banking is phishing, which involves tricking individuals into revealing sensitive information such as usernames, passwords, or credit card details by posing as a trustworthy entity.

Phishing attacks can target bank customers or employees, leading to unauthorised access to accounts or sensitive banking systems. Malicious software, or malware, can also infect computer systems and gain unauthorised access, steal information, or disrupt operations. Banking malware can target digital banking systems, compromise customer credentials, and enable fraudulent transactions.

Denial-of-Service (DoS) attacks aim to overwhelm a system, network, or website with traffic, causing it to become slow or unavailable. Disruption of digital banking services due to overwhelming traffic can result in financial losses and erode customer confidence.

In a Man-in-the-Middle (MitM) attack, an attacker intercepts and potentially alters communication between two parties without their knowledge. Attackers can capture sensitive data during online transactions, such as login credentials or financial details.

Criminals may also attach devices to Automated Teller Machines (ATMs) to capture card information and Personal Identification Numbers (PINs) from unsuspecting users. Skimming devices can lead to unauthorised withdrawals and compromise customer accounts.

Ransomware encrypts a victim’s data and demands a ransom for its release. If a bank’s systems are compromised, it may result in the loss of critical data or disrupt operations until a ransom is paid.

Social engineering involves manipulating individuals to divulge confidential information through psychological tactics. Social engineering attacks can trick bank employees into providing access credentials or sensitive information.

Actions to take

To mitigate the above risks, banks should implement a comprehensive framework that identifies, assesses, prioritises, and monitors IT risks. This framework should align with regulatory requirements and industry best practices. Banks should conduct regular vulnerability assessments and adopt a layered security approach with firewalls, intrusion detection systems, access controls, encryption, and data loss prevention solutions.

Banks should utilise automation tools for tasks like patching, configuration management, and incident response, and leverage data analytics to detect and respond to threats proactively.

As Nepal navigates its digital journey, the need for robust cybersecurity is increasingly evident. The nation’s growing reliance on digital services and communication exposes it to a range of cyber threats, from ransomware to data breaches.

Building a team of skilled cybersecurity professionals, keeping employees aware of recent threats in the international market, obtaining third-party IT security audits periodically, and ensuring compliance with industry-specific regulations like PCI-DSS and Basel III, which address data privacy, security, and operational resilience, will help to mitigate IT risks.

Dhital is a member of Information Systems Audit and Control Association (ISACA), USA.
