Case Study of recent ATM Fraud in Nepalese Banking
Explain the mechanism of the payment transaction that takes place when one person withdraws money from the ATM booth.
ATM is Automated Teller Machine. Now it’s making peoples life very easy as they get their money when they need. So, they do not need to carry either big amount of money or the cheque book all the time. To get rid from this burden they need to deposit money in the bank by opening an account and then the bank will be given a Card i.e. an ATM card with a PIN number to them. By using that they can withdraw money from any ATM machine of that bank.
Automated Teller Machine (ATM) is also an embedded system. Because it does the same work again and again like deposit money, withdraw money etc. For that it gives output very fast. Most importantly it has all the features of an embedded system like processor, RAM etc. and also software for user interaction.
Steps of Transaction Process Steps of Transaction
1. First customer inserts ATM card (E-cash card) into the machine and wait to insert PIN (personal identification number). When both processes are done ATM Machine check account number and PIN for further processing like requesting money to the bank server.
2. Bank Server debited the amount of money from the customer account. And update database for that customer account and send all transaction information to ETN server.
3. ETN server then update database so that they can send report to the banks. And then ETN send clearance signal to the ATM machine to dispenser.
4. After the clearance signal ATM machine dispense money to the customer.
What do you think could be the weaknesses of Nepalese banking system that the Chinese hackers preferred to use Nepalese Bank’s ATM booths?
In the context of Nepal, derived of new technology are not just into the hype. Usage of ATM by the customer are growing in the trend but it’s not as it has to be. Nepal as the very small market size and the electronic payment penetration are just around 65%. Any bank in today’s context need to think twice for the setup of ATM booth due to:
a. Transaction average hits are minimal
b. The overall expenditure is hard to cover in this regard for bank
c. Commission fees are extremely higher, with international network
d. Banks particularly need to invest more on infrastructure and all
Though, they are the major consequence for any bank to set up ATM booths. Such challenges lead to the compromise in major technical issues. Bank needs to invest more on technological aspect, which is extremely difficulties due to much expensive of the services. Regarding the Chinese Hackers who prefer Nepalese ATM due to:
a. Nepalese ATMs are guided with low technology, easily breakable software and so on
b. Investment into the cyber securities are very minimal so which can be easily hacked by anyone
c. Old tedious software is in use, which can be shut down at any notice of time
d. It’s hard for Nepalese bank to use the technology uses by VISAs, Mastercard, American Express. Which are absolutely higher expensive software
As per my opinion, it is true that country like Nepal have much problems in terms of investment but that not limit with investment only in today’s global context. It’s all about approaching the right thing, central Bank in Nepal is not much serious on this regard in spite of surrounded with Donor Agencies or any. Nepal Rastra Bank is completely not serious to take the cyber securities, Data fraud and so on issues as the future problems. They are taking as “Let it Be” which creates much motivated to hackers and they are more interest on Nepalese banking sectors.
3. Your recommendations to the regulator to safeguard from such hacker’s attacks in future with your logics and justifications.
In my opinion and my recommendations will for first Central Bank and Second to the Bank. They are as;
A. Central Bank:
a. First, central bank must regulate standard format laws on cyber securities and fraud cases. Which must be very punishable laws to those hackers of frauds.
b. Secondly, there must be a worth lobby from Government and central bank side
c. Invest very wisely on technology it’s the investment for future
d. Data securities and settlement banks activities need to monetarized very decently.
e. Need to learnt the lesson from past frauds and prepare for the future in terms of any conditions.
B. Banks:
a. Today Nepalese commercial Banks are generating adequate amount of profit, and certain portion of that profit must invest on technology driven forces.
b. Hire well trained skilled cyber securities experts, Data scientist and IT expert
c. Invest more on latest technology, it’s one-time investment for the better secure
d. Adequate training and facilities must give to the employee regarding cyber safety
e. In Nepal there are very few banks who are aware of such issues very sensitively like; SCB, Nepal Investment Bank, SBI next banks need to learn from them. In this concerned.
- Note: Opinion are based on author’s view. Open to discussed, comment and share!
