When Registration Is Messed Up, One's Mobile Banking Is In The Hands Of Another
As the use of technology grows, so do the challenges. Lack of awareness and negligence in the use of technology has increased the risk.
Baburam Bohora, a resident of Dhapasi, Kathmandu, got a number from another bank account in Mega Bank on Monday. He said that the mobile number he has been using for the last four years may have a general technical error and he expected the problem to be resolved soon.
So he didn't really care. But on Wednesday, Bohora received another SMS from the same number from Mega Bank.
In which there was a notification that some money (salary) was deposited in another person's account. Soon after, he downloaded Mega Bank's mobile banking app for testing.
After installing it and keeping his mobile number, the 6-digit verification code also came to his phone number. ‘I set the transaction PIN with the code. I also kept a fingerprint. When the mobile application was in my hands, I would have done whatever I wanted. I could have done anything as there was no notification to the account holder, 'says Baburam.
Bohora, who is also a cyber security analyst, immediately informed Mega Bank's technical officer Sobit Shah Thakuri on Wednesday. He also informed Mega Bank about it through an official email on Thursday.
But even on Friday, Mega Bank's mobile banking app was active from his phone number. When contacted, Mega Bank's Chief Operating Officer (COO) Rajesh Sharma said that access to Baburam Bohora had just been blocked.
"We are studying whether the service recipient has entered the wrong phone number himself or it is due to the weakness of the bank staff," said Rajesh. This is not the first instance of negligence on the part of the bank in KYC verification and negligence on the part of the service recipients.
Kavita Kunwar has also gone through a similar problem. Mega Bank used to call him to give notification about credit details of wrong account number.
She informed the bank about it. But after the bank ignored her complaint, she stopped complaining, she said.
Janish Lama, a service recipient of NIC Asia Bank, has also faced a similar problem. Similarly, Kiran Gautam also said that another person's business message used to come from Himalayan Bank in his number.
Unaware of the importance of registering a phone number in KYC and the risks posed by negligence in modern fintech (financial technology), the clients do not pay much attention to the phone number and email.
This type of problem has been prevalent in banks and financial institutions for a long time. With the advent of electronic payment systems, this problem has become even more serious and risky.
However, the regulator NRB said that so far no report of such problem has been received from any user or bank financial institution. Bhuvan Kandel, head of the payment system department of NRB, said that all the internal security arrangements to be adopted while providing electronic payment services have been provided in point three of the integrated directive issued by NRB.
"If any security measures are inadequate, the central bank is ready to amend," he said. "Both sides should be responsible in such a situation," he said.
"The client himself should be vigilant. "We have made it clear in the guidelines that those who are allowed to meet the certified level of security must be audited from time to time," said Kendall. "Banks also need to check and verify sensitive information."
He said that all those who have given permission for payment have been instructed to upgrade the system only after verifying the information of the service recipients. In addition, it is mentioned that the responsibility of addressing any complaint immediately lies with the concerned bank and financial institution.
If the concerned bank does not address the grievances of the service recipients, the regulator can send the date of the incident and the entire transaction in the email of NRB, said Executive Director Kandel.
In addition, under the policy of SIM recycle, the provision of Nepal Telecommunication Authority to register in the name of another person after one year of non-use of SIM has also indirectly affected the process of KYC firm, sources said.