Kuwaiti banks report an increase in complaints related to a sophisticated bank card hacking scheme targeting local shopping sites. Victims find unauthorized withdrawals from their accounts following legitimate purchases. The method involves exploiting vulnerabilities on e-commerce platforms, allowing fraudsters to access sensitive card information. Disputes arise regarding responsibility between banks and victims, further complicating recovery efforts.
In a troubling development, Kuwaiti financial institutions have observed a notable increase in complaints from individuals whose bank accounts have been compromised due to a sophisticated form of bank card hacking. This burgeoning issue involves fraudsters exploiting legitimate local shopping websites to extract funds from victims through unauthorized transactions, frequently traced back to foreign locations.
The latest tactics of this fraud specifically target patrons of popular Kuwaiti online retail platforms. Victims commonly report that after making genuine purchases, they discover unauthorized withdrawals from their accounts, predominantly traced to transactions originating from Italy, despite being physically present in Kuwait.
The fraudulent process typically unfolds as follows:
1. Customers engage in contactless smart payments on compromised websites.
2. They receive prompts to input a one-time password (OTP) and are informed that the transaction has failed.
3. Subsequently, they are urged to re-enter their card information to complete the transaction.
4. A few days later, they are alerted to unauthorized withdrawals from their accounts, usually tied to transactions made abroad.
This novel hacking scheme capitalizes on weaknesses within local e-commerce sites, allowing cybercriminals to replicate payment card data saved on users’ devices. The illicitly obtained information is exploited to facilitate multiple withdrawals, often exhausting the card’s limit before the victims become aware of the intrusion. By the time individuals notify their banks, significant losses have already been incurred.
Bank officials contend that customers bear the responsibility for such breaches, maintaining that they inadvertently compromised their own security by disclosing their OTPs. Hence, financial institutions, along with the Central Bank of Kuwait, assert that they have no obligation to reimburse the victims or recover the looted funds, particularly since related banks have validated the transactions as authorized by legitimate OTPs.
Conversely, affected customers assert that they adhered to all necessary protocols for contactless payments and were ignorant of the compromised nature of the websites they utilized. They further emphasize that some websites misleadingly claimed compatibility with payment services like Apple Pay, Google Pay, or Samsung Pay, which were actually unavailable. This inconsistency raises concerns that the websites were infected with malicious software, calling into question any responsibility placed on the victims for the breaches.
The rise in bank card hacking incidents in Kuwait, facilitated through legitimate shopping platforms, represents a significant and escalating threat to consumers. Fraudsters exploit vulnerabilities to drain accounts, often leaving victims with limited recourse. While banks attribute the breaches to customer negligence regarding security protocols, victims emphasize their adherence to proper payment practices and call for accountability from compromised websites. Vigilance and enhanced security measures are essential for consumers to protect themselves from such insidious scams.
Original Source: www.arabtimesonline.com
