Along with the advancement of information and communication technologies, banks and financial institutions (BFIs) are providing various types of digital banking services. The mobile banking service is the most popular form of this.
With the service, the customer can access his/her bank account at any time using his/her mobile number and can accomplish banking transactions quickly and easily without going to the bank. This service can be taken in two ways, firstly by making transactions through the application using the internet and secondly by making transactions through SMS even without the internet.
Through mobile banking service, one can confirm the money in his/her bank account, view the bank statements, transfer money to other accounts, recharge mobile and TV, book air and bus tickets, and pay for water, electricity, phone and internet bills. There are facilities such as loading funds in digital wallets, paying service charges and bills of various offices, paying government tax and revenue, requesting a chequebook of bank account and an ATM card etc.
But, due to poor network and other technical reasons, sometimes, transactions cannot be completed on time. In such cases, the amount is deducted from the sender’s account but the amount is not deposited in the account of the receiver, the amount is deducted from the account multiple times even when trying to pay only once, and the amount deducted unnecessarily is not returned to the account on time.
Similarly, increasing incidents of unauthorised access to the mobile banking system, unauthorised transactions and loss of funds from the account have emerged as the most complex and challenging problems at present.
It is necessary for all the concerned parties to make mobile banking services safe, reliable and trustworthy. Several attempts have to be made from their sides to secure mobile banking transactions, which are discussed below.
Role of telecom service providers
According to the current provision, telecom companies can provide sim cards to the customer easily based on the application form with a copy of the citizenship certificate and photo. Taking the advantage of this convenience, there is a risk that people and gangs involved in fraud can take sim cards by misusing anyone’s citizenship card and photo.
The provision of easily providing another sim card in case of a lost sim card is also likely to increase the misuse. Not only that, there is a provision that telecom companies can recycle (reuse) mobile numbers that are inactive or not in use for six months. It means they can provide the same mobile number to new customers. Due to this provision, it has been found that telecom companies are issuing mobile numbers in the name of new customers even without the permission of old customers. This is where the error has occurred.
From a practical point of view, there is a situation. For example, when a customer has to stay abroad for more than six months due to employment, study and another purpose, they can be asked to give up the mobile number registered in their name without knowing it in advance.
With the loss of a mobile number, there is a possibility that an unauthorised person can gain access to mobile banking and other services associated with that number. Telecom companies should be serious about this matter and the customer also should be made sufficiently aware.
In fact, the customer identification (KYC) process should be strictly followed in the distribution of sim cards (mobile numbers). The misuse of sim cards can be minimised if they can arrange the system of recording whether the customer is a resident citizen or not, whether they will use the sim card by themselves or not, how long it will be actively used and when it will remain inactive. Electronic customer identification (e-KYC) embedded with the biometric system can be used for genuine customer identification.
While issuing sim cards, if there is an arrangement to keep the contact number of a family member or neighbour or friend as a reference number, the possibility of misuse of the mobile number can be declined and it will be easy to trace in case of misuse.
Clear policy and legal arrangements should be enforced to prevent fraudulent incidents. Nepal Telecommunication Authority (NTA), the regulatory body of telecom service providers, should conduct further study, research and monitoring in this regard and formulate the necessary policies as well as instruct the telecom service providers to be more responsible.
Role of BFIs
The role of the BFIs is important to make mobile banking services safe and reliable. If they apply some precautions from the beginning, it will be easy to solve the problems that may arise in the future.
Advising the customers to take mobile banking service only with the mobile number registered in their own name and used by themself is the best option. Practically, it is found that this service is also taken on the mobile number of the family members.
The BFIs should inform the customers in advance about the risks that may occur. Also, customers should be advised to inform the bank immediately if they lose their mobile phone or if they need to change their number.
The BFIs should notify if any suspicious transaction is made through the mobile banking system. They should trace such transactions and get official information about the transactions from genuine customers.
By further tightening the provision that mobile banking facility can be availed with any mobile number based on signature and identity card verification, it should be made clear that the customer can avail of the service only with the mobile number mentioned in the KYC form filled up at the time of opening an account or as updated in the KYC.
The BFIs should apply all kinds of measures to ensure safe transactions. The functions of the IT and digital banking departments should be streamlined and arrangements should be made to hear the complaints related to fraud and address them as soon as possible.
The BFIs could arrange a system of turning full mobile banking service into SMS alerts only if a customer registers for full mobile banking service and does not use it for up to three months.
To minimise the incidents of theft and fraudulent offences caused by the weakness of the BFIs, the regulatory body Nepal Rastra Bank (NRB) should make necessary policy arrangements and issue directives accordingly.
Role of customers
It is the responsibility of every customer to protect the vital data of all types of mobile banking services that they use. Therefore, it is the customer’s responsibility to keep safe the login credentials including passwords and transaction PINs of the mobile banking services.
Some fraudsters contact the customer through social media such as Facebook Messenger, Viber and WhatsApp and ask for the credentials on various pretexts saying that they need to deposit some amount in their account to get the lottery worth millions won by them. To avoid such scams, customers should never give the OTPs received on their mobile phones to anyone.
In order to convince the customer and take them into confidence, the fraudsters sometimes pretend to be bank employees, friends, relatives or neighbours and ask for confidential and important data from the customers. The customers should be clear that the BFIs never ask for such sensitive data via phone conversation.
The customers should not allow others to use the digital banking services belonging to them. In case of any difficulty or doubt in using such services, it is better to contact the bank directly. They should read all the terms and conditions while applying for the service and also should know the possible merits and demerits of the service.
If a customer loses their mobile phone or observs a suspicious transaction, they should immediately inform the bank and suspend the account or mobile banking service.
If the customer needs to change the mobile set, a device reset can be done after completing the procedure prescribed by the bank. Similarly, to change mobile numbers, the customers should update the KYC form first and then apply for the mobile banking service on the new number.
In case of not being able to take regular service while going abroad or for any other reason, the bank should be informed and the service should be suspended. If this is done, the bank should be responsible if any incident occurs during the service suspension period.
The customers should be updated about the notices issued by telecom companies, BFIs or other concerned agencies. They should not easily provide their sensitive documents like identity cards or photos. If someone asks for them one should be alert whether their documents are being misused.
At the end
As the number of mobile banking users is increasing day by day, the risk is also increasing in the same proportion. Mitigating the growing risk is the major need of today. It is not enough for one party to be responsible for this; the cooperation of all stakeholders is necessary.
The joint effort of customers, BFIs, telecom companies, NRB, NTA like regulatory bodies, mass media, security agencies including Nepal Police, digital wallet operators and agencies working in the field of information communication technology is necessary to control the fraud through mobile banking and make the service more safe, reliable and trustworthy.