Hackers Exploit Kuwaiti Shopping Sites to Drain Customer Bank Accounts
Kuwaiti banks report a surge in card hacking complaints, with fraudsters exploiting local shopping websites. Customers experience unauthorized fund withdrawals following legitimate purchases. The banks claim customers compromise security by sharing OTPs, while victims argue that compromised sites mislead them into unsafe transactions. Enhanced cybersecurity measures are essential to safeguard against these evolving threats.
In a troubling turn of events, banks in Kuwait have reported a significant rise in complaints from customers who have encountered sophisticated bank card hacking techniques. These methods exploit authentic local shopping websites, allowing criminals to unlawfully extract funds from victims’ accounts through unauthorized transactions, particularly from international locations.
The new scheme primarily focuses on clients of well-known Kuwaiti shopping platforms. Customers often believe they have completed legitimate purchases only to find that unauthorized withdrawals have drained their accounts, with transactions frequently originating from countries such as Italy while they remain in Kuwait.
The operation of the scam proceeds as follows: customers initiate contactless payments on compromised websites, enter a requested one-time password (OTP) for a seemingly failed transaction, and are subsequently asked to re-enter their card details. Days later, they are alerted to unexpected account withdrawals purportedly linked to overseas purchases.
This hacking strategy takes advantage of weaknesses in local e-commerce platforms, enabling fraudsters to duplicate card data stored on customers’ devices. The pilfered details facilitate repeated withdrawals, often depleting the account limit before victims become aware of the theft. Once informed, customers find that their bank accounts have already been significantly compromised.
Banking officials assert that customers bear responsibility for these breaches, stating that shared OTPs compromise personal security. Consequently, the banks and the Central Bank of Kuwait maintain they are not mandated to reimburse victims or trace the stolen funds, citing that correspondent banks have verified the transactions as authorized through valid OTPs.
In contrast, victims contend that they adhered to all necessary protocols for secure contactless payments and were misled into using infected sites. Additionally, some platforms falsely advertised compatibility with payment methods like Apple Pay or Google Pay, which were not available, suggesting that these websites were indeed compromised. Such claims lead victims to argue that the responsibility for security lapses lies with the websites themselves.
The rising incidence of bank card hacking in Kuwait underscores the critical need for enhanced cybersecurity measures for e-commerce platforms. As fraudsters employ increasingly sophisticated techniques, both banks and consumers must adopt a proactive stance towards securing transactions. Collaborative efforts between financial institutions and local businesses could significantly mitigate these threats, ensuring the safety of customer funds and reinforcing trust in online shopping.
Original Source: www.arabtimesonline.com
