Digital literacy · Beginner · 10 min read

Using digital wallets and mobile banking safely in Nepal

Practical security habits for paying with eSewa, Khalti, ConnectIPS and bank apps in Nepal — how to protect your PIN and OTP, spot common scams, and keep your phone and account safe.

Digital payments are convenient, but the same phone that pays your bills can also be a target for fraudsters. The good news is that almost every successful scam relies on tricking you into giving away one secret — your OTP or PIN. Once you understand that, staying safe becomes mostly about a few firm habits.

This guide focuses entirely on safety: how to protect your accounts, how to recognise the scams that are common in Nepal, and what to do if something goes wrong. It applies to eSewa, Khalti, IME Pay, ConnectIPS and every bank's mobile banking app.

Read it once carefully, and then keep the golden rule in your mind every time your phone buzzes with a payment message: your PIN and OTP are for you alone, and no real staff member will ever ask for them.

The one rule that stops most fraud

An OTP (one-time password) is the short code sent by SMS to confirm a transaction or login. A PIN or MPIN is the secret number you set to unlock your app or approve a payment. These two secrets are the keys to your money.

No genuine employee of eSewa, Khalti, a bank, Nepal Rastra Bank, the police, or any company will ever phone you and ask for your OTP, PIN, password, or card CVV. If anyone asks for these — by call, SMS, or message — it is a scam, full stop. Hang up or ignore the message. This single rule prevents the large majority of payment fraud.

Set up your accounts to be hard to break into

Strong setup makes a thief's job nearly impossible even if they get hold of your phone. Spend a few minutes getting these right.

  • Use a unique PIN that is not your birth year, 1234, or your phone number's last digits.
  • Turn on the app lock (PIN, fingerprint or face) inside each wallet and bank app, not just the phone lock.
  • Set a screen lock on the phone itself, so a lost phone cannot be opened.
  • Use a different password for your email — your email can reset many other accounts, so it must be protected too.
  • Keep your registered phone number active and in your control; if you lose the SIM, report it to your telecom provider quickly.

Common scams in Nepal and how to spot them

Fraudsters in Nepal recycle a handful of tricks. Once you have seen them named, they are easy to catch.

  • Fake 'refund' or 'cashback' calls: someone claims you are owed money and asks you to share an OTP or 'confirm' your details to receive it. Real cashbacks arrive automatically — never via a code you read out.
  • 'Your account will be blocked' messages: urgent SMS or calls pressuring you to act fast and verify your PIN/OTP. Urgency is the warning sign; pause and verify through the official app or hotline.
  • Fake reward/lottery wins: 'You have won! Pay a small fee or share a code to claim.' Legitimate prizes never require you to pay or reveal secrets first.
  • Wrong-number 'accidental' transfers: a stranger says they sent you money by mistake and pleads for it back; the original 'transfer' is fake or reversible, and you end up out of pocket. Don't return money to unknown numbers — let your bank or the app handle it.
  • Fake QR codes or payment links: a code or link sent to 'receive' money that actually charges you. To receive money you never need to scan a code or enter a PIN — only paying requires that.

Remember: scanning and PIN means you are PAYING

A very important idea to internalise: in digital payments you only ever scan a QR, enter your PIN, or approve an OTP when money is leaving your account. To receive money, you simply share your number or username; you do nothing secret.

So whenever someone tells you to scan their code or enter your PIN 'to get money', a red flag should go up. They are reversing the truth to make you pay them. If you are the one who is supposed to receive money, you will not be asked for any code at all.

Keep your phone itself trustworthy

Your account is only as safe as the phone it lives on. A few device habits keep things clean.

  • Install apps only from the Google Play Store or Apple App Store, and check the developer's name.
  • Keep your phone's operating system and your payment apps updated, as updates fix security holes.
  • Avoid making sensitive transfers on shared or public Wi-Fi; mobile data is generally safer.
  • Don't install random APK files or 'modded' apps sent by friends or websites — these often hide malware.
  • Never let someone 'fix' your phone or app by taking it away and asking for your PIN.

If you think you have been scammed — act fast

Speed matters; the sooner you act, the better the chance of limiting the damage.

  • Immediately change your app PIN and your email password.
  • Call the official customer support hotline of the wallet or bank (find it on their official website or app, not from the scammer).
  • Ask your bank to freeze the account or block the card if your bank account is involved.
  • Report the fraud to the Nepal Police Cyber Bureau, which handles online financial crime in Nepal.
  • Keep evidence: screenshots, the caller's number, transaction IDs and timestamps.

Key takeaways

  • No real company, bank, or official will ever ask for your OTP, PIN, password or CVV — anyone who does is a scammer.
  • You only scan a QR or enter your PIN when you are PAYING; receiving money never requires a code.
  • Urgency and pressure ('act now or your account is blocked') are classic scam signals — pause and verify.
  • Lock each app separately, use a unique PIN, and install apps only from official stores.
  • If scammed, change your PIN and email password immediately, call the official hotline, and report to the Nepal Police Cyber Bureau.
Questions

How to Use eSewa, Khalti & Mobile Wallets Safely in Nepal (Avoid Scams) — FAQ

Someone called saying they are from eSewa/my bank and need my OTP to fix an issue. Is it real?

No. Genuine staff never ask for your OTP, PIN or password. This is one of the most common scams in Nepal. Hang up, do not share anything, and if you are worried, call the company's official hotline from their website to check.

Is it safe to scan a QR code from a stranger?

Scanning a QR is an action to PAY. If a stranger asks you to scan their code 'to receive money', it is a scam designed to take money from you. Only scan QRs at trusted shops or for payments you actually intend to make.

How much money should I keep in my wallet?

Keep only what you expect to spend soon. Wallets are great for daily small payments, but there is no reason to store large balances there. Smaller balances mean smaller losses if anything ever goes wrong.

Where do I report digital payment fraud in Nepal?

Report to the Nepal Police Cyber Bureau, which handles cybercrime and online financial fraud. Also contact your wallet or bank's official customer support and, if a bank account is involved, ask them to freeze it immediately.

Can a scammer empty my account just by calling me?

Not by the call alone — they need you to hand over a secret like your OTP or PIN, or to tap a malicious link or install something. If you never share those secrets and never install untrusted apps, a phone call by itself cannot move your money.
