The unfolding ATM hacking saga is one more reminder of the pathetic state of the safety of our digital architecture. Five Chinese nationals, abetted by three Nepalis, could withdraw nearly Rs 35 million from various ATMs in Kathmandu after they hacked into these banks’ common card switching mechanism, the Nepal Electronic Payment System (NEPS). In fact, over the past few years, ATM hackings have been taking place with troubling frequency. Nepal Rastra Bank, the central bank, which is supposed to monitor the commercial banks for the strength of their digital safety, has been unable do so with its ‘inadequate resources’.
This is dangerous. Potentially trillions of rupees of people’s savings are at risk. There are apparently many loopholes in our digital payment platform that skillful hackers can exploit. Nepal’s commercial banks have been brazen in their negligence. For instance, even though the central bank has made chip-based debit cards mandatory, many banks continue to dole out cards without these safety features. But then the central bank itself has been lax in monitoring these commercial institutions.
This shows how lightly the Nepali state and its public and private enterprises take digital safety. How irresponsible have successive governments been in not strengthening the central bank’s digital safety branch! Surely, even a few billions rupees is not too high a cost to prevent a potential collapse of Nepal’s economy at the hands of crafty hackers. Yet full-on complacency has been the norm till date. The SCT and NEPS, the brokers of these ATM-based electronic bank transactions, have been breathtakingly negligent, too, with reported cases of their technicians being allowed to operate from their insecure home-based cyber networks.
Hackers in and out of the country are getting more sophisticated, and they know Nepal is among the countries with the least secure electronic infrastructures. In the latest edition of the (global) National Cyber Security Index, Nepal ranks a lowly 92nd out of the 100 countries surveyed. If our leaky digital systems are not overhauled immediately, a far more ruinous heist could be around the corner.