Nepal Rastra Bank (NRB) has directed banks and financial institutions (BFIs) to bar mobile banking app access on unauthorized VPNs. The bank has stated the provision in its amended Unified Directive for transaction 2081. The arrangement has been made to ensure user security and data privacy for banking users.
The federal regulatory bank said that customers found to be using unauthorized VPNs won't be able to log in to their mobile banking apps and Internet banking services.
Point 2 of Directive No. 3 states that “A system must be made to identify whether a customer is using a VPN while transacting on the mobile banking and internet banking system and prevent them from logging into the app if an unofficial VPN is being used.”
Likewise, NRB has also called on payment system operators (PSOs) to become public companies by 2085 BS.
NRB tells banks to regularly perform DC-DR Drill
At the same time, NRB stated that banks and financial institutions (BFIs) must perform DC-DR drills for their equipment used for payment services. If you were unaware, a DC-DR Drill is a type of test that checks an organization’s competency at handling disaster scenarios in its data center (DC) and disaster recovery (DR) infrastructure.
The directive mentions that institutions need to perform a DC-DR Drill once every 2 years and must submit a report to NRB within 15 days.
NRB to bar mobile banking apps on unofficial VPN
NRB seeks to disable mobile banking apps and internet banking on unofficial VPNs for legal and security reasons. A VPN disguises a user's actual location from ISPs and authorities. This can be done to perform outlawed transactions. It's also not ideal to trust VPNs easily for sensitive services such as banking.
On a side note, this move could also be to discourage users from using crypto-mining apps with VPNs.
Even in general, it's best to refrain from using any VPN, or to use only authorized ones if necessary.