Cross banking transactions via ATMs put on hold after hack
A task force formed by Nepal Rastra Bank has ascertained that the hackers stole a total of Rs18.9 million from 13 Nepali banks.
The Nepal Electronic Payment Systems Limited (NEPS) on Wednesday urged card users to only conduct transactions at the issuing bank’s ATM after the hack by Chinese nationals caused many banks to limit cross banking transactions.
NEPS is the service provider interface that allows the transaction of money deposited in a bank by using cards issued by other member banks. It facilitates the ATM system to work in coordination with the Visa card system and the core banking software.
NEPS has come up with the move after a large number of bank customers faced problems in carrying out cross banking transactions via ATMs following the cash-out hack.
NEPS incorporates 11 commercial banks including Prabhu Bank, Sunrise Bank, Machhapuchchhre Bank, Janata Bank Nepal, Siddhartha Bank, Citizens Bank International, NIC Asia Bank, Prime Bank, Nepal Bangladesh Bank and Global IME Bank as its members. Similarly, seven development banks have shared this common platform to provide their services.
In the recent case of stealing cash, hackers were found to have used the cards issued by a bank in ATMs operated by other banks to withdraw the money. The hackers had used fake cards to spoof the link of NEPS with the software used by Visa card and the software used by banks. The cloned card had verified all the details of the bank’s customers on its own and allowed the hackers to steal money from the vending machines.
In its notice, NEPS has asked card holders to use only machines installed by the card issuing bank. Laxmi Prapanna Niroula, spokesperson of Nepal Rastra Bank, said NEPS has temporarily stopped the service of cross banking transactions via ATM cards due to the ongoing investigation.
Niroula said NEPS is carrying out a digital forensic analysis to find out technical details about the incident. According to him, two digital forensic analysts are arriving in Kathmandu on Wednesday evening to conduct an investigation. “The experts from Singapore will be analysing the evidence to find loopholes in the system,” said Niroula.
A digital forensic analyst is an expert who explores the causes behind high-level cyber crimes.
Hempal Shrestha, member of the Federation of Computer Association Nepal, said the forensic experts will analyse digital footprints left by the hackers. “They will assess the server details, user id platform and browser history, among others to collect evidence of possible loopholes,” said Shrestha.
Shrestha said the government-installed digital forensic lab is in the preliminary stage and lacks skilled manpower and necessary equipment. Stressing the need for an efficient digital forensic lab, Shrestha said a lab could also help study the weak points in the existing system to prevent similar incidents in the future.
Meanwhile, the task force formed by Nepal Rastra Bank has ascertained that the hackers stole a total of Rs18.9 million from 13 Nepali banks. According to the team, hackers had used ATM cards of nine banks to withdraw the cash.
Bam Bahadur Mishra, executive director and chief of Payment Systems Department of Nepal Rastra Bank, who also led the team, said the team, however, was unable to find the process through which the money was stolen. “The digital forensic analysts are expected to find the hacking mechanism,” said Mishra.
According to him, the central bank through the study had pinpointed that customers’ details were leaked through the magnetic strip found in ATM cards issued by banks here. Although many banks have been using microchips in their cards, the traditionally used magnetic cards are still used to store the customers’ details, according to the central bank.
Mishra said the study has come up with the recommendation to make banks use Visa cards of the European standards that use microchips to store the data. “However, since many Nepali card holders use their ATM cards in India — which also uses cards with magnetic strips — it is difficult for banks to switch to microchip alone,” he said.