सुरक्षित, सरल र समयको बचत

MobiToken is a secured two-factor authentication process. The first factor is your transaction password and the second factor is the One Time Passwords (OTP) generated by Mobitoken for each online transaction. OTP can be sent through SMS and/or email in your registered mobile number and/or email address or you can also install MobiToken App (an OTP generator) on your mobile device from your NabilNet user portal.

Second-factor authentication provides an additional layer of security for all your online transactions. You need to provide your valid mobile number and email id during the account opening process or update details immediately in your bank account when they change.

A simple registration process that lets you be in control of your account from around the world through NabilNet. You can download and duly complete the NabilNet application form and submit it at any of our branches or you can reach our Customer Service Desk (CSD) or your Relationship Manager for more information.

Simply check your mobile number and email address accuracy before registering to MobiToken.

• Login to “NabilNet”
• Click on "Customize" tab
• Click on "My Profile" tab
• Check the fields: "Your email address" and "Mobile Number”
• If your email address and mobile number are correct then please register for MobiToken; else please visit your nearest branch to update or change your details.

• Login to “NabilNet” with your User ID & Login Password
• Select “MobiToken”
• Click on “MobiToken Registration” button
• Select “SMS/Email Based” or “Device Based” authentication mode
• Click on “Submit”
• Click on “I Agree” to accept Terms and Conditions
• Enter “User ID” and “Transaction Password” and Click “Ok”
• Upon selection of SMS/Email based, you will be successfully registered after completing above steps
• If your selection is Device Based, you need to follow the additional steps mentioned below
• Click on “Generate Activation Code”
• The system will deliver the activation code to your registered Email ID and Mobile Number
• Click on “Download MobiToken App” and input 5 digits activation code received in your Email ID and Mobile Number
• Select your “Device Type” (J2ME, BlackBerry & Android) you want to install the app on
• Click on “Submit”
• Create your “MPIN” & Re-enter it
• Click on “Submit” and it will navigate you (User) to download application
• Click on “Download and Acknowledge Button”
• Click on “Ok” to download application in the desired location
• Once downloaded, you can install the same in your mobile too

Mobitoken User Manaul

Click here to download NABIL 2FA MobiToken User Manual

At Nabil Bank, it is our continuous endeavor to make you aware of the simple steps to help avoid compromising your details to online scams such as Phishing, Vishing, Spoofing etc.

In the event of you suspecting any abnormal activity on your Nabil Bank Account, immediately inform at your nearest branch or email at card@nabilbank.com.
We look forward to your support in combating fraudulent attempts.

Phishing

Phishing is a global problem faced by Banks worldwide. It is an attempt to 'fish' for your banking details. Phishing could be an e-mail that appears to be from a known institution like banks/a popular website asking confidential data like user id and transaction password, One Time Password (OTP), Unique Reference No. (URN) etc.

Spear Phishing

Spear phishing is a targeted phishing attempt through an e-mail that appears to come not only from a trusted source with a context customized /personalized but often will be relevant to either current projects of developments within the company, or maybe related to family events.

Spoofing

Spoofing attacks refer to tricking or deceiving the users, by faking the identity of another user, over email, phone, website etc. Website spoofing is the act of creating a website, as a hoax, to perform fraud. To make spoof sites seem legitimate, phishers use the names, logos, graphics and even code of the actual website. They can even fake the URL that appears in the address field at the top of your browser window and the Padlock icon that appears at the bottom right corner. Even Emails can be spoofed to make the victim believe that it has been sent by a trusted sender and lead victim to share sensitive information.

Vishing

Vishing is an attempt of a fraudster to take confidential details from you over a phone call. Details like user id, login & transaction password, OTP (One Time Password), URN (Unique Registration Number), Card PIN, Grid card values, CVV, or any personal parameters such as date of birth, mother's maiden name. Fraudsters claim to represent banks and attempt to trick customers into providing their personal and financial details over the phone. These details will then be used to conduct fraudulent activities on your account without your permission leading to financial loss.

SIM Swap

Your mobile phone is a convenient banking channel. You can get account-related alerts and the One Time Password (OTP) required to carry out banking transactions and make various financial inquiries through your mobile. However, if you do not take a few simple precautions, a criminal can divert these alerts by getting your genuine SIM exchanged with a duplicate SIM through your service provider to commit fraudulent activities.

Smishing

It is a combination of short message service (SMS - also known as text messaging) and phishing (the act of emailing someone with the intent of obtaining personal information that can be used for identity theft). In this case, the fraudster sends a message over SMS, rather than Email. Smishing message may look like "You have won 2 free tickets to Thailand, visit this website to claim your prize". Clicking on the link may lead you to a website asking for personal information. These are becoming common due to smartphones becoming more popular.

Frauds through Social Networks

Social media sites are fast being popular among fraudsters also and celebrations times are easier to lure the users. For example, the latest tool observed is an invite to install a “Valentine Theme” on one of the most popular social networking website. The install button prompts the download of a malicious browser extension that monitors the user’s activities. Sometimes users are redirected to a survey page asking them for vital information like name, mobile number etc.

• Nabil Bank or Government and Regulatory bodies, including the Income Tax Department/Nepal Rastra Bank (NRB), will never ask for any confidential information over e-mail or phone call.
• Treat any e-mail message that asks for confidential/personal information with suspicion. Do not respond to any web-forms in e-mails, that ask for your NetBanking or email user id/passwords, ATM card number or PIN, Date of Birth, Mobile number etc.
• Never use a link in an e-mail message to log on the Nabil Bank website. Type the URL directly into your browser’s address bar to ensure that you are reaching the correct web page. Access the official Nabil Bank website via www.nabilbank.com
• Do not open e-mail attachments from unverified/unexpected sources or instant message download links. Delete such suspicious e-mail messages immediately.
• Do not access Nabil Bank NetBanking or make payments using your Credit/Debit Card from shared or unprotected computers in public places.
• Setup either email and/or SMS alerts on your Nabil Bank NetBanking for all transactions on your account(s).