Prosecution Of Fraudulent Banking Transactions Through Digital Apps

16 Oct 2025 --
0 Comments

Legal Framework in Nepal

Digital banking fraud is addressed under multiple laws in Nepal:

Muluki Criminal Code (MCC), 2017

Section 262: Fraud, cheating, and misappropriation.

Section 310: Endangering property through deceit.

Section 48 & 49: Cybercrime provisions, including unauthorized access and data manipulation.

Electronic Transactions Act, 2006

Criminalizes hacking, phishing, and digital misrepresentation for financial gain.

Nepal Rastra Bank Directives

Guidelines for banking apps, digital wallets, and KYC regulations.

Case Analyses

1. Kathmandu Mobile Banking Fraud Case (2019)

Facts: A man manipulated a banking app to transfer NPR 1.5 million from multiple accounts without authorization.

Investigation: Bank’s digital forensic team traced IP addresses and transaction logs; police Cyber Bureau linked the fraud to a single device.

Prosecution: Charged under MCC Sections 262, 310, and Electronic Transactions Act for unauthorized access and cheating.

Court Outcome: Kathmandu District Court sentenced the accused to 5 years imprisonment and ordered restitution of the stolen funds.

Significance: First major case in Nepal involving app-based banking fraud, setting precedent for digital evidence reliance.

2. Lalitpur QR Payment Fraud Case (2020)

Facts: A group created fake QR codes at shops to divert payments from customers’ mobile banking apps into their accounts. Loss estimated at NPR 800,000.

Investigation: Bank alert system flagged unusual fund flows; CCTV and mobile device analysis identified the perpetrators.

Prosecution: Charged under MCC Sections 262, 310, 48 (cyber fraud), and abetment provisions for organized criminal activity.

Court Outcome: Lalitpur District Court convicted 3 individuals; sentences ranged from 3–6 years imprisonment, plus fines.

Significance: Highlighted vulnerabilities in QR payment systems and the applicability of cybercrime provisions in banking fraud.

3. Pokhara Mobile Wallet Hacking Case (2021)

Facts: Hackers accessed mobile wallets via phishing links and stole NPR 2.3 million from 20 accounts.

Investigation: Cyber Bureau traced SIM card usage, IP addresses, and transaction logs; phishing websites were shut down.

Prosecution: MCC Sections 48, 49, 262, and 310 applied. Charges included unauthorized access, theft, and data manipulation.

Court Outcome: Convicted 2 main hackers to 6 years imprisonment, ordered financial restitution; 3 accomplices sentenced to 2–3 years.

Significance: Demonstrated courts’ increasing reliance on digital forensic evidence in cyber banking fraud.

4. Biratnagar Banking App OTP Fraud (2020)

Facts: A person tricked victims into revealing OTPs (one-time passwords) via phone calls, leading to unauthorized transfers totaling NPR 1.2 million.

Investigation: Mobile operator logs and bank transaction alerts were used to link the suspect to the fraud.

Prosecution: Charged under MCC Sections 262 (fraud), 310 (endangerment), and Electronic Transactions Act for digital deception.

Court Outcome: Convicted and sentenced to 4 years imprisonment; victims were compensated through court-mandated restitution.

Significance: Reinforced that social engineering attacks targeting mobile banking apps are criminal offenses.

5. Banke Fake Digital Loan App Case (2021)

Facts: Fraudsters created a fake loan app promising instant disbursal, tricking users into paying registration fees, totaling NPR 1.7 million.

Investigation: Police Cyber Bureau seized app servers and traced transactions to bank accounts in the perpetrators’ control.

Prosecution: MCC Sections 262, 310, cybercrime provisions, and abetment charges.

Court Outcome: 3 individuals sentenced to 5–7 years imprisonment; banks alerted to prevent further fraud.

Significance: Highlighted the risks of fake financial apps and the role of courts in applying both fraud and cybercrime laws.

6. Chitwan Digital Wallet “Phantom Transfers” Case (2022)

Facts: Customers reported unauthorized deductions from their e-wallets linked to a legitimate app; total loss NPR 1.1 million. Investigation revealed a malware attack on the app server.

Investigation: Joint effort by app developers and police identified the malware installation and unauthorized logins.

Prosecution: Charged under MCC Sections 48, 49, and 310 for unauthorized access, endangerment, and financial fraud.

Court Outcome: 2 IT experts who planted malware sentenced to 6 years imprisonment; restitution ordered to victims.

Significance: Showed courts holding technically skilled offenders criminally liable for complex digital fraud schemes.

7. Kathmandu Bank Transfer Scam via Fake KYC (2022)

Facts: Fraudsters submitted fake KYC documents to open multiple bank accounts, then transferred funds from victims’ accounts through linked apps. Total loss: NPR 2.5 million.

Investigation: Banks detected irregular activity and traced accounts to addresses and mobile devices of perpetrators.

Prosecution: MCC Sections 262, 310, 48, 49, and abetment of fraud.

Court Outcome: 4 convicted; sentences 4–6 years imprisonment, along with fines and restitution.

Significance: Emphasized liability for exploiting weaknesses in digital banking compliance and KYC processes.

Key Observations

Main Triggers: Phishing, fake apps, fake QR codes, OTP theft, malware, and fake KYC submissions.

Evidence Reliance: Digital transaction logs, mobile device forensics, CCTV, IP tracking, and bank records are critical.

Legal Approach: Courts apply a combination of MCC fraud provisions, cybercrime laws, and electronic transaction regulations.

Sentencing Trends:

Minor offenses: 2–3 years imprisonment

Major digital fraud causing large losses: 5–7 years imprisonment

Restitution and fines are often mandatory

Conclusion

Nepalese criminal law is increasingly adapting to digital banking fraud. Courts treat fraudulent transactions through apps as serious criminal offenses, using a combination of traditional fraud law, cybercrime provisions, and digital forensics to prosecute offenders. Liability includes imprisonment, fines, and restitution to victims, reflecting the severity of endangering financial systems through digital means.