Nepal Rastra Bank (NRB) has circulated a three-point directive to banks and financial institutions (BFIs) on managing internal and external risks in the management of information technology (IT).
In a circular published on Tuesday, the central bank told BFIs to take three measures to prevent cyber-attacks and other security breaches of their IT systems. It directed BFIs to establish technical capabilities such as perimeter defense, access control, encryption, antivirus, and firewalls, update them frequently, and verify the authenticity of the systems used for payment orders and other service delivery.
The criteria advised by the central bank are aimed at controlling the risks of data loss, data theft, and denial of service caused by cyber-attacks, malware, viruses, and ransomware, along with other external threats such as spam, phishing, and spoofing through websites, mobile applications, official social media networks, and IT systems.
Stating that there have been attempts by unauthorized people, or from unauthorized locations, to infiltrate banks' systems by placing fraudulent orders or correspondence, the central bank also directed BFIs to carry out regular monitoring and reporting of their systems and to share information on any incident or attack with the relevant agencies.
The central bank also told BFIs to prepare a Defensive, Detective and Responsive IT Security Strategy, to carry out security audits of their IT systems continuously in line with international best practices, and to work proactively on awareness and capacity development for their users and staff.
The central bank’s directive comes in the wake of the recent ATM heist in Kathmandu.
According to earlier statements from the NRB, a group of hackers stole over Rs 18.9 million by hacking payments using cloned debit and credit cards of 17 member banks of the NEPS, which use the Visa system.
Furthermore, IRs 1.05 million was stolen in India from six commercial banks of Nepal on the same day, as per the NRB.
Earlier on Tuesday, the NRB summoned the CEOs of BFIs to discuss security measures for warding off cyber-attacks and other threats to IT systems. During the meeting, NRB Governor Chiranjibi Nepal also reportedly directed the CEOs to watch over their systems, especially during the festive season.
As a safety measure, the central bank reduced the maximum limit for cash withdrawals using a debit card last Thursday. The NRB has already told BFIs to reduce their withdrawal ceiling to Rs 20,000 per transaction from Rs 25,000. With the new rule in place, the debit cardholder of any BFI cannot withdraw more than Rs 20,000 from an ATM kiosk in a single transaction. Likewise, the central bank has also cut the maximum single-day withdrawal limit by Rs 40,000.