Digital banking and cybersecurity landscape in Nepal

Digital banking can be defined as the availability of banking services through online platforms, encompassing both transactional and non-transactional services. This eliminates the need for customers to physically visit brick-and-mortar banks. Technological empowerment is a key driver behind the seamless delivery of these services. Customers commonly interact with banks through various digital channels, including websites, mobile apps, social media, mobile banking, email, Viber/Messenger and call centers.

Customers can avail themselves of banking services through these digital channels or by directly visiting branches or using ATMs/POS. The array of options includes online shopping, mobile banking, third-party wallets/websites, Visa cards, payment options, POS machines and ATMs. The surge in access to finance through digital channels, such as internet and mobile banking, has been accompanied by the adoption of payment methods like debit cards, mobile wallets and QR codes.

In Nepal, where over 72 percent of the population owns mobile phones, these devices have become instrumental in promoting financial inclusion. E-wallets have emerged as convenient tools for making cashless payments. The utilization of digital channels and payment methods brings numerous benefits to individuals, facilitating easier savings, money transfers and access to financial services. Businesses stand to gain improved efficiency, reduced costs and a broader customer reach. The Covid-19 pandemic played a significant role in accelerating the adoption of digital banking platforms in Nepal. Many banks responded to the challenges resulting from the pandemic by launching online account opening and e-KYC filling services during the Covid-19 lockdown. Nepal’s e-payment landscape has witnessed a remarkable surge over the past four years.

From 2020 to 2023, Nepal's e-payment landscape experienced an impressive surge in transaction volume, witnessing a remarkable growth of over 300 percent. However, the transaction amount exhibited a more nuanced pattern, initially soaring and later experiencing a slight dip in the last year. Despite this recent decline in value, the sheer volume of transactions underscores the rapid transition toward digital payments in Nepal. As of mid-October 2023, when examining the volume of e-payment transactions, the top three channels utilized are mobile banking, e-Wallets and debit cards. Collectively, these three channels account for 66 percent of the total number of transactions conducted.

Mobile banking, debit cards and e-wallets have reshaped Nepal's financial landscape. The widespread adoption of smartphones and the expansion of mobile networks have propelled the popularity of mobile banking, providing users with features such as fund transfers and bill payments. Debit cards offer a widely accepted cashless transaction method, particularly in urban areas. Simultaneously, e-wallets have gained traction due to their simplicity and versatility.

The significant surge in the frequency of digital commerce reflects the recent expansion of Nepal's digital payment system. While there is still a considerable journey ahead, the ongoing transformation of the Nepali payment system is due to the collective efforts of relevant stakeholders, including Nepal Rastra Bank and other government agencies, the private sector, and the ultimate consumer—the people.

Nepal has embraced the digital age wholeheartedly. While this digital evolution brings convenience and efficiency, it also introduces new threats, making the safeguarding of digital assets an integral aspect of national security. One common attack in the banking sector is phishing, a technique that deceives individuals into divulging sensitive information, such as usernames, passwords or credit card details, by posing as a trustworthy entity. Phishing attacks can target both bank customers and employees, potentially leading to unauthorized access to accounts or sensitive banking systems. Malicious software, or malware, presents another threat by infecting computer systems to gain unauthorized access, steal information, or disrupt operations. Malware can target online banking systems, compromising customer credentials and facilitating fraudulent transactions.

Denial-of-Service (DoS) attacks overwhelm a system, network, or website with traffic, causing it to slow down or become temporarily unavailable. Disruption of online banking services due to excessive traffic can result in financial losses and undermine customer confidence.

In a Man-in-the-Middle (MitM) attack, malicious actors intercept and potentially alter communication between two parties without their knowledge. This type of attack can lead to the capture of sensitive data during online transactions, including login credentials or financial details.

Criminals may also affix devices to Automated Teller Machines (ATMs) to capture card information and Personal Identification Numbers (PINs) from unsuspecting users, leading to unauthorized withdrawals and compromising customer accounts.

Ransomware poses yet another threat, encrypting a victim's data and demanding a ransom for its release.

Social engineering involves manipulating individuals to disclose confidential information through psychological tactics. These attacks can trick bank employees into providing access to credentials or sensitive information.

To mitigate such risks, banks should implement a comprehensive framework that identifies, assesses, prioritizes and monitors IT risks. This framework should align with regulatory requirements and industry best practices. Regular vulnerability assessments, coupled with a layered security approach involving firewalls, intrusion detection systems, access controls, encryption and data loss prevention solutions, are essential components of a robust cybersecurity strategy.

Automation tools can play a crucial role in tasks such as patching, configuration management and incident response. Additionally, leveraging data analytics enables proactive detection and response to threats.

As Nepal continues its digital journey, the imperative for robust cybersecurity has become increasingly evident due to a growing reliance on digital services and communication, exposing the nation to various cybersecurity threats, ranging from ransomware to data breaches. Building a team of skilled cybersecurity professionals, keeping employees informed about recent threats in the international market, conducting periodic third-party IT security audits and ensuring compliance with industry-specific regulations like PCI-DSS and Basel III are crucial steps to mitigate IT risks. These regulations address data privacy, security and operational resilience, providing a comprehensive framework for enhancing cybersecurity in the financial sector.

The author is a member of the Information Systems Audit and Control Association, USA.
