KATHMANDU, April 17: Nepal Rastra Bank (NRB) has issued a unified directive mandating payment service providers (PSPs), banks, and financial institutions (BFIs) to install real-time notification systems for suspicious activity at ATM counters, among other strict security measures aimed at safeguarding digital payment users.
The directive, released on Thursday, focuses on strengthening governance practices and risk management systems within the digital payments ecosystem. It requires PSPs to mandatorily install several safety-related software solutions, including firewalls, antivirus/malware detection software, intrusion detection/prevention systems, monitoring and log analysis tools, and cryptographic systems for customer protection.
Under the new rules, all ATM transactions must be based on chip-and-PIN technology. CCTV cameras installed at ATM counters are required to have a minimum memory backup of 90 days. Furthermore, service providers must arrange an instant notification system to alert authorities and customers about any suspicious activities detected at ATM counters.
NRB recorded 57 percent more cases of suspicious transactions i...
The central bank also set new transaction limits. The daily limit for transfers between a bank account and a digital wallet is set at Rs 200,000, with a monthly cap of Rs 1 million. Wallet-to-wallet transfers are limited to Rs 50,000 per day and Rs 500,000 per month.
Since October last year, the NRB has reduced the daily ATM withdrawal limit to Rs 50,000 from Rs 100,000. The per-transaction withdrawal limit has been lowered to Rs 20,000 from Rs 25,000, and the monthly withdrawal cap is now Rs 300,000, down from the previous Rs 400,000.
However, BFIs have been granted flexibility to adjust withdrawal limits based on their cash handling capacity, geographical location, security management, and specific situational factors.
Additionally, the central bank has imposed a ceiling of Rs 300,000 for single transactions made via mobile apps, including QR code payments, and Rs 2 million for web application-based payments.
For credit cards issued by PSPs other than BFIs, the transaction limit has been set at Rs 5,000 per day and Rs 25,000 per month. Meanwhile, regional-level development banks, finance companies, and micro-finance institutions have been authorized to issue other types of electronic payment cards, but not credit cards.
