
The Rising Cyber Threats Facing Nepalese Banks
Official insights and trends on cyber-enabled frauds and attacks targeting Nepal’s banking sector (2020-2024)
Introduction: Digital Growth and Emerging Risks
Nepal’s banking sector has witnessed rapid digital transformation in recent years. According to Nepal Rastra Bank’s Payment Systems Department, as of mid-2024, mobile banking customers have more than doubled to over 23.7 million, internet banking users nearly doubled to 1.9 million, and connectIPS users surged by over 670% to 1.25 million. This widespread adoption of digital financial services has, however, increased the sector’s exposure to cyber-enabled frauds and attacks.
The Financial Intelligence Unit (FIU-Nepal) and Nepal Police Cyber Bureau have reported a significant rise in cyber-enabled frauds targeting banks and financial institutions, underscoring the urgent need for enhanced cybersecurity measures.
Official Cybercrime Statistics Related to Banking Sector
According to FIU-Nepal’s 2023/24 Annual Report, cyber-enabled frauds (CEF) have become one of the most reported crime categories among banks and financial institutions. Nepal Police Cyber Bureau data shows that cybercrime cases increased six-fold over the last five years, with financial frauds constituting approximately 20% of all cybercrime complaints in recent months.
Fiscal Year | Total Cybercrime Cases (All Sectors) | Financial Fraud Cases (Approx.) | Source |
---|---|---|---|
2019/20 | 2,301 | ~460 | Nepal Police Cyber Bureau |
2020/21 | 3,906 | ~780 | Nepal Police Cyber Bureau |
2021/22 | 4,686 | ~940 | Nepal Police Cyber Bureau |
2022/23 | 9,013 | ~1,800 | Nepal Police Cyber Bureau |
2023/24 (up to March) | 12,789 | ~2,560 | Nepal Police Cyber Bureau |
These financial fraud cases include phishing, online scams, fraudulent transactions, and identity theft targeting bank customers and institutions.
Common Cyber Threats Facing Nepalese Banks
- Phishing & Social Engineering: Fraudsters impersonate bank officials or create fake websites and apps to steal credentials. FIU-Nepal reports this as the most frequent modus operandi in cyber-enabled frauds.
- Multiple Account Fraud: Criminals open multiple accounts across different banks and payment service providers to launder illicit funds, complicating detection efforts.
- Mobile Banking Exploits: With over 23 million mobile banking users, attackers exploit vulnerabilities in apps and mobile authentication, often using stolen mobile numbers or SIM swap fraud.
- Insider Threats: Some frauds involve bank insiders abusing access privileges, as highlighted in investigations by NRB and FIU-Nepal.
- Ransomware & Malware: Though less publicly reported, ransomware targeting core banking infrastructure is a growing concern globally and is expected to impact Nepalese banks if preventive measures are not strengthened.
- Fake Profiles & Social Media Scams: Attackers use social media platforms to defraud customers, often by creating fake profiles or spreading misinformation.
Noteworthy Incidents
While Nepalese banks have not publicly disclosed large-scale breaches, several incidents have been reported:
- F1Soft Digital Payment Breach (2024): A breach in one of Nepal’s largest payment service providers resulted in unauthorized transactions estimated at NPR 34.2 million, as reported by Nepal Police and FIU-Nepal.
- Data Breach at Nepal Rastra Bank (2024): The central bank itself experienced a data breach, raising concerns about regulatory cybersecurity.
- Increase in Phishing Complaints: The Nepal Police Cyber Bureau reported over 2,500 phishing complaints linked to banking fraud in 2023-24.
Challenges in Combating Cyber Threats
According to officials at the Nepal Police Cyber Bureau, the rapid rise in cybercrime cases has overwhelmed existing investigative capacities. There is a shortage of certified cybersecurity experts and specialized technical analysis tools. Additionally, a lack of widespread digital literacy among the population increases vulnerability to scams and frauds.
Recommendations and Defensive Measures
The FIU-Nepal Strategic Analysis Report (2024) recommends several measures for banks and regulators to reduce cyber-enabled fraud losses:
- Enhanced Customer Awareness: Educate customers on phishing, social engineering, and safe digital banking practices.
- Robust Multi-Factor Authentication: Enforce MFA for all banking transactions and access points.
- Improved Monitoring & Reporting: Banks should promptly report suspicious transactions and collaborate with FIU-Nepal and law enforcement.
- Regular Security Audits: Conduct vulnerability assessments and penetration testing of banking systems and mobile apps.
- Stronger Regulatory Oversight: Nepal Rastra Bank mandates timely cyber incident reporting and third-party security audits for all BFIs.
- Collaboration & Intelligence Sharing: Foster cooperation between banks, regulators, and law enforcement for threat intelligence sharing.
Conclusion
Nepalese banks face rising cyber threats amid rapid digital adoption. Official data confirms an alarming increase in cyber-enabled financial frauds, driven largely by phishing, social engineering, and mobile banking vulnerabilities. Addressing these challenges requires coordinated efforts from banks, regulators, law enforcement, and customers to build a secure digital banking ecosystem.