Along with the advancement of information and communication technologies, banks and financial institutions (BFIs) are providing various types of digital banking services. Mobile banking is the most popular form.
With the service, the customer can access their bank account at any time using their mobile number and can perform banking transactions quickly and easily without going to the bank. This service can be taken in two ways, firstly by transacting through the app using internet and secondly by transacting through SMS even without internet.
Through mobile banking service, one can confirm money in his bank account, view bank statements, transfer money to other accounts, top up mobile and TV, book plane and bus tickets and pay water, electricity, telephone and internet bills . There are facilities such as loading funds into digital wallets, paying service charges and bills from various bureaus, paying taxes and government revenue, applying for bank account check book and ATM card, etc.
But, due to poor network and other technical reasons, sometimes transactions cannot be completed on time. In such cases, the amount is deducted from the sender’s account but the amount is not deposited into the recipient’s account, the amount is deducted from the account several times even trying to pay only once, and the amount deducted unnecessarily did not return to the account on time.
Likewise, the increasing incidents of unauthorized access to the mobile banking system, unauthorized transactions and loss of account funds have become the most complex and challenging issues today.
It is necessary for all parties involved to make mobile banking safe, reliable and trustworthy. Several attempts should be made from their side to secure mobile banking transactions, which are discussed below.
Role of telecommunications service providers
According to the current arrangement, telecommunications companies can easily provide SIM cards to the customer based on the application form with a copy of the citizenship certificate and photo. Taking advantage of this convenience, there is a risk that people and gangs involved in fraud could take SIM cards by misusing anyone’s citizenship card and photo.
The ability to easily provide another SIM card in case the SIM card is lost is also likely to increase abuse. Additionally, there is a provision that telecom companies can recycle (reuse) inactive or unused mobile numbers for six months. This means that they can provide the same mobile number to new customers. Due to this provision, telecom companies have been found to issue mobile numbers on behalf of new customers even without the permission of old customers. This is where the error occurred.
From a practical point of view, there is a situation. For example, when a customer needs to stay abroad for more than six months due to employment, study or some other reason, they may be asked to give up the mobile number registered in their name. without knowing it in advance.
With the loss of a mobile number, it is possible that an unauthorized person can access mobile banking and other services associated with that number. Telecom companies should be serious about this and the customer should also be sufficiently informed.
In fact, the customer identification process (KYC) must be strictly followed in the distribution of SIM cards (mobile numbers). The misuse of SIM cards can be minimized if they can arrange the registration system whether the customer is a resident citizen or not, whether he will use the SIM card by himself or not, how long he will be actively used and when it will remain inactive. The electronic customer identification (e-KYC) integrated into the biometric system can be used for true customer identification.
When issuing SIM cards, if there is an agreement to retain the contact number of a family member, neighbor or friend as a reference number, the possibility of misuse of the mobile phone number can be refused and it will be easy to find it in case of misuse. .
Clear policies and legal provisions should be enforced to prevent fraudulent incidents. The Nepal Telecommunications Authority (NTA), the regulatory body for telecommunications service providers, should conduct further studies, research and monitoring in this regard, formulate necessary policies and direct telecommunications service providers to be more responsible.
Role of CIBs
The role of CIBs is important in making mobile banking safe and reliable. If they apply a few precautions from the beginning, it will be easy to solve any problems that may arise in the future.
Advise customers to only take mobile banking service with the mobile number registered in their own name and used by themselves is the best option. Practically, we see that this service is also taken on the mobile number of family members.
CIBs must inform clients in advance of the risks that may arise. Also, customers should be instructed to notify the bank immediately if they lose their mobile phone or need to change their number.
CIBs must notify any suspicious transactions made via the mobile banking system. They must trace these transactions and obtain official transaction information from genuine customers.
Further strengthening the provision that mobile banking services can be used with any mobile number based on signature and ID card verification, it should be clarified that the customer cannot benefit from the service only with the mobile number mentioned in the KYC form filled in at the time of opening an account or as updated in the KYC.
CIBs should apply all kinds of measures to guarantee the security of transactions. IT and digital banking functions should be streamlined and arrangements should be made to hear complaints related to fraud and deal with them in a timely manner.
CIBs could implement a system to turn full mobile banking into SMS alerts only if a customer signs up for full mobile banking and does not use it for up to three months.
In order to minimize incidents of theft and fraudulent offenses caused by weak BFIs, the regulator Nepal Rastra Bank (NRB) should make necessary policy arrangements and issue guidelines accordingly.
Role of customers
It is the responsibility of each customer to protect the vital data of all types of mobile banking services they use. Therefore, it is the customer’s responsibility to keep login credentials, including passwords and mobile banking transaction PINs, secure.
Some scammers contact the customer through social media such as Facebook messenger, Viber and WhatsApp and ask for the credentials under various pretexts saying that they have to deposit certain amount in their account to get the lottery worth millions won by them. To avoid such scams, customers should never give the OTPs received on their mobile phones to anyone.
In order to convince the customer and build their trust, fraudsters sometimes pose as bank employees, friends, relatives or neighbors and request confidential and important data from customers. Clients should be clear that CIBs never request such sensitive data over a telephone conversation.
Customers must not allow others to use their digital banking services. In case of difficulty or doubt in the use of these services, it is best to contact the bank directly. They should read all terms and conditions when requesting service and should also know the possible pros and cons of the service.
If a customer loses their mobile phone or observes a suspicious transaction, they should immediately notify the bank and suspend the account or mobile banking service.
If the customer needs to change the mobile extension, a reset of the device can be carried out after following the procedure prescribed by the bank. Similarly, to change mobile numbers, customers must first update the KYC form and then apply for mobile banking on the new number.
If it is impossible to take the regular service when traveling abroad or for any other reason, the bank must be informed and the service must be suspended. If this is done, the bank should be responsible if an incident occurs during the period of service suspension.
Customers should be aware of notices issued by telecommunications companies, BFIs or other relevant agencies. They should not easily provide their sensitive documents like ID cards or photos. If someone asks for them, you need to know if their documents are being misused.
At the end
As the number of mobile banking users increases day by day, the risk also increases in the same proportion. Mitigating the growing risk is today’s major need. It is not enough for one party to be responsible; the cooperation of all stakeholders is necessary.
The joint effort of clients, BFI, Telcos, NRB, NTA like regulators, media, security agencies including Nepal Police, digital wallet operators and agencies working in technology information and communication is needed to control fraud through mobile banking and to make the service more secure, reliable and trustworthy.