The rapid growth of digital payment methods in Nepal—spanning mobile banking, QR codes, connectIPS, e-wallets, internet banking, and POS machines—has revolutionized the financial landscape. However, this transformation comes with rising concerns over the financial sector's vulnerability to cyberattacks.  

The adoption of digital payment systems has surpassed traditional methods like card and cheque payments, according to Nepal Rastra Bank’s (NRB) “ Payment Systems Oversight Report 2023/24 ”. The report credits the COVID-19 pandemic for accelerating this shift, particularly in urban areas.  

Read: Over 500 Accounts Used to Siphon Funds from F1Soft’s Citizens Bank Account: Police

Users of e-wallets grew nearly fourfold, from 6.27 million in mid-August 2020 to 23.46 million by mid-July 2024. Transactions surged by 37.71% year-on-year, reaching Rs 302.69 billion in FY 2023/24.  

Similarly, the users of connectIPS increased from 0.16 million to 1.28 million over the same period, with transactions climbing by 74.5% year-on-year to 28.13 million.  

Likewise the number of Payment Service Providers (PSPs) agents reached 17,563 by mid-July 2024, up from 5,139 in mid-August 2020.  

The surge in QR code adoption is particularly noteworthy. By mid-July 2024, nearly 2 million merchants accepted QR payments, with transaction volumes and values rising by 117.03% and 103.66%, respectively, compared to the previous fiscal year.  

Meanwhile, the traditional payment methods like debit and credit cards have seen a decline. Debit card growth dropped to 5.3% in mid-July 2024 from 12.8% the previous year, while credit card usage grew by a meager 1.9%. Prepaid cards also saw fluctuating growth rates. 

Read: Central Bank Highlights Rapid Growth in Online Financial Crimes

The shift toward digital payments has been accompanied by a rise in cyber-enabled financial crimes. Stakeholders have raised alarm over the rising vulnerability of Nepal’s financial sector to cyberattacks. While globally, the military, finance, and business sectors are the primary targets, Nepal’s banking and e-commerce sectors have emerged as the most at risk, they say. 

NRB’s “Strategic Analysis Report 2024” revealed that 63% of suspicious transaction reports (STRs) were linked to cyber fraud. Fraudsters exploit digital platforms through fake lotteries, social media scams, and phishing schemes, often targeting accounts within three months of their opening, the report says.  

Earlier in October last year, more than 500 bank and wallet accounts were used to siphon approximately Rs 35.15 million from F1Soft International Pvt. Ltd.’s account at Citizens Bank International. The hackers, reportedly from abroad, exploited system vulnerabilities to orchestrate the theft, according to the Cyber Bureau of Nepal Police.

F1Soft International is a leading provider of digital financial services to banks in Nepal. The company is also the developer of established digital payment platforms such as eSewa and PhonePay.  

Read: Nepal’s Financial Sector Increasingly Vulnerable to Cyberattacks, Stakeholders Warn

To mitigate these threats, experts and NRB suggest: Strengthening KYC protocols by ensuring accurate customer identification and linking digital services to registered mobile numbers, imposing transaction controls by setting limits and cooling periods for new accounts to reduce misuse, raising awareness by conducting campaigns for both financial institution employees and the public on the risks of cyber fraud, tightening real-time monitoring by implementing systems to detect suspicious activities and holding negligent institutions accountable, and introducing insurance-scheme for digital wallets and cards to protect consumers from fraud-related losses.  

Hempal Shrestha, a tech policy expert, warns that Nepal’s digital ecosystem, including mobile wallets, SIM cards, and email systems, remains vulnerable. He advocates for broader digital literacy campaigns and stronger collaborations between banks, telecom companies, and local governments.  

Shrestha also emphasizes the potential of a robust National ID system in reducing fraud risks.  

Kathmandu Police Requests People to be Cautious about Online Payment Frauds   

While smartphone penetration has reached 72.94% and internet access has become more affordable (dropping from $2.25/GB in 2019 to $0.27/GB in 2024), financial inclusion remains a challenge. Half of the rural population and 40% of urban residents still lack access to formal financial institutions, the latest NRB report says.