Recent ATM hacking incident calls for effective monitoring of CCTV at ATM booths

Kathmandu– The recent incident of Chinese hackers looting money from ATM booths has come as a wakeup call for the banks and financial institutions to the need of carrying out regular centralized monitoring of the CCTV installed at their ATM booths.

The Chinese hackers on August 31 had looted Rs 18,944,500 from 68 ATMs of 17 banks by using various cards of seven banks.

The day was Saturday and the hackers carried out their nefarious business from 11am to 4.35 pm. Saturday is a holiday in Nepal.

The misdeed was carried out by hacking the security system of the banks and financial institutions It is said hackers had also taken out Indian currency Rs 10 million 587 thousand 200 from 132 ATMs of 24 different Indian banks.

hey are found to have extracted a total amount of Rs 35 million 884 thousand 20 from Nepal and India. An investigation committee constituted by Nepal Rastra Bank following this incident has, in its preliminary report, directed the banks and financial institutions to make arrangements for regularly monitoring the CCTV on Saturdays and other public holidays as well.

The five-member committee under the coordination of Executive Director at the NRB's payment systems department Bam Bahadur Mishra has also recommended the BFIs to make provisions to replace the 'chip-less' cards issued by them with the 'chip-based' cards within three months.

The committee has submitted its report to NRB Governor Dr Chiranjibi Nepal on Wednesday. The report states that of the transactions carried out during that time, some were found to be real and the rest of the additional transactions are in the process of being verified, hence the amount that has been looted might be somewhat less.

The report has specified the short-term and long-term suggestions for reducing the possible risk taking into account the shortcomings seen in the payment system taking place by using cards and on the basis of the study of the hacking incident.

It has also recommended that the banks should have the incident closely studied and analyzed by forensic experts and to implement the recommendations given by them.

Likewise, the committee has suggested that directives have to be issued to the licensed banks and financial institutions, PSPs and PAOs to adopt necessary measures for minimizing the risk by evaluating their payment system made through IT and electronic system.

It has also pointed out to the need of making provision to tally the visa, master card the next day of the transaction. Provisions have to be made henceforth that the debit and credit cards for Nepali currency issued by banks and financial institutions of Nepal should be made fit for use in carrying out transaction by means of chip and PIN on the side of the customer and the issuing banks and financial institutions.

The committee has also suggested making arrangements for the necessary security system regarding the electronic cards as the Chinese hackers have drawn out money from ATMs of Nepali banks and financial institutions by using these cards.

Similarly, the banks and financial institutions have been suggested to adopt the required security system and make provisions for regularly monitoring the possible risks that might arise in the information technology sector.