KUWAIT CITY, Aug 14: If you believe that keeping your One-Time Payment Authentication Code (OTP) secure guarantees 100% protection for your bank account, especially when making external purchases via credit cards, you might want to reconsider.

Al-Rai has learned from banking sources that Kuwaiti banks have successfully recovered funds stolen by hackers from customer accounts without the need for an OTP. The withdrawals from some accounts reached up to 500 dinars. The security measures implemented by local banks have significantly strengthened their defenses against hackers, and the international company responsible for the compromised credit cards has covered the cost of the stolen amounts.

Recent phishing attempts have seen the launch of a malicious application that enables hackers to breach international bank cards by exploiting security vulnerabilities, allowing access to customer data without requiring the OTP or even the need to click on suspicious links, as is typically the case.

Sources revealed that customers were unaware of the unauthorized withdrawals made from their accounts for external purchases. These withdrawals were often small, sometimes not exceeding 50 dinars per transaction, in an attempt by hackers to avoid detection.

It was noted that these hacking attempts may be repeated on the same bank account unless the customer quickly notifies their bank and requests that the card be blocked. This ongoing exploitation highlights the risks posed by such applications, which continuously attempt to access customer accounts.

Following the closure of the compromised card, it was determined that the withdrawals were made by hackers based outside of Kuwait. The victims had not provided the OTP, as their external payment cards were hacked without any direct communication from the hackers, deviating from their usual tactics.

Some customers received messages from their banks indicating that foreign purchases had either failed or succeeded. The sources explained that the strength of Kuwaiti banks in this situation lies in the international card company’s responsibility to combat this type of hacking. The fraudulent activities did not penetrate local credit cards, placing the onus on the international company to address the security loophole and compensate affected customers, provided they did not lose the OTP.

The sources also highlighted that the victims recovered their stolen funds within 15 days of the fraudulent transactions. This recovery was achieved through coordination with the international company responsible for the hacked cards, which swiftly communicated with external merchants to prevent the fraudulent funds from reaching the hackers.

Additionally, many banks rely on insurance against such fraudulent operations. If the hacked funds are not recovered, the insurance company compensates the customer, provided they were not at fault. Kuwaiti banks are also noted for routinely updating their defenses against malicious technologies, ensuring that customers who fall victim to these schemes are protected by programs that meet international security standards.