Third Topic: “Information Security Education” under the IT Guidelines of Nepal Rastra Bank
With the introduction of electronic delivery channels, customers no longer need to visit bank branches physically to conduct banking. This has intensified the challenge of authenticating customers. Moreover, fraudsters are designing and using more advanced techniques to impersonate users and gain illegal access to customers' accounts. To prevent illegal users from accessing the banking system, it has become essential to educate customers well so that they conduct banking operations securely. To create an effective information security practice, it is also important to educate other stakeholders, including the bank's employees.
- The bank should develop an information security awareness program and conduct it periodically for its employees, vendors, customers and other related stakeholders. The awareness program should be customized according to the target group. It is recommended to develop mechanisms to track the effectiveness of the training program.
- The bank should ensure that customers are adequately educated so that they take appropriate security measures to protect their devices and computer systems and ensure that their hardware or system integrity is not compromised when engaging in electronic banking. The bank should have appropriate procedures in place to respond promptly to customers' queries about securely accessing electronic banking.
Banks are responsible for the safety and soundness of their systems. They should use an appropriate customer authentication system to authenticate customers before access to the system is allowed, and customers should also be adequately educated and made aware of how to secure their credentials.