-
Hacking attempts could recur unless customers quickly block their cards, highlighting ongoing risks and potential for continuous unauthorized access.
-
Kuwaiti banks benefited from the international card company, which is responsible for addressing the hacking issue. Local banks strengthen security with regular updates, robust defenses, and international-standard protection programs.
-
Most banks rely on insurance for such cases, where the insurance company compensates customers whose accounts are hacked without their fault, if the stolen money is not recovered.
If you believe that keeping your One-Time Payment Authentication Code (OTP) private guarantees complete protection for your bank account, especially for external purchases with credit cards, you might need to rethink your confidence, according to a report published in the Al Rai newspaper.
Al-Rai newspaper learned from banking sources that Kuwaiti banks successfully recovered money stolen by hackers who did not request an OTP. Withdrawals from some customers’ accounts reached up to 500 dinars. The security measures of local banks have strengthened their defenses against hackers, and the international company responsible for the hacked credit cards covered the cost of the withdrawn amounts.
Recent phishing attempts have revealed a new malicious application that allows hackers to breach international bank cards by exploiting security loopholes, bypassing the need for an OTP or clicking on suspicious links.
Sources noted that customers were shocked to find amounts withdrawn from their accounts for external purchases without their knowledge. These withdrawals were often small, typically not exceeding 50 dinars at a time, aimed at avoiding detection and preventing the customer from realizing they were victims of financial fraud.
The sources also indicated that such hacking attempts could be repeated unless customers promptly inform their bank and request their card be blocked. This ongoing exploitation underscores the risks associated with the application and the potential for continuous unauthorized access to customer accounts.
The sources stated that after closing the hacked card and conducting an investigation, it was found that the withdrawals were made by hackers from outside Kuwait. The victims had not provided their OTPs; instead, their external payment cards were compromised. This occurred without direct communication with the customers, which is atypical for hackers.
The sources noted that some customers received messages from their banks indicating that their foreign purchase withdrawals had failed, followed by others stating that they had succeeded.
They explained that Kuwaiti banks benefited from the involvement of the international card company responsible for handling withdrawals through its global network. This company is primarily accountable for addressing the hacking issue.
The new fraudulent operations did not affect local credit cards, thus obligating the company to address this security loophole and compensate the affected customers, provided they did not lose their OTP.
The sources pointed out that this situation is reinforced by the fact that victims recovered their stolen funds within 15 days of the fraud. They explained that these recoveries were coordinated with the international company responsible for the hacked cards, which quickly contacted external merchants and halted the fraudulent transactions.
The sources also noted an additional factor that reduces the risk of financial fraud for which the customer is not responsible. Most banks rely on insurance for such cases, where the insurance company compensates customers whose accounts are hacked without their fault, if the stolen money is not recovered.
They emphasized another consideration that strengthens the security of local banks: their routine updates to defenses against malicious technologies and their efforts to secure users affected by such programs. Additionally, local banks employ protection programs that meet international standards.
