Kuwaiti Shopping Sites Targeted: New Schemes Drain Bank Accounts

Kuwaiti banks have reported a rise in bank card hacking linked to local shopping sites. Cybercriminals use a sophisticated method involving legitimate e-commerce platforms to drain funds from customers’ accounts without consent. Victims claim they unknowingly entered information on compromised websites, while banks argue customers must take accountability for sharing their OTPs. This ongoing issue highlights significant gaps in security practices and consumer protection.

In recent reports, Kuwaiti banks have noted an alarming increase in bank card hacking incidents targeting local shoppers. Cybercriminals exploit established shopping websites, enabling unauthorized transactions that lead to the draining of victims’ bank accounts. This sophisticated phishing technique continues to pose serious risks to consumers and financial institutions alike.

The new fraud scheme utilizes popular Kuwaiti shopping sites where unsuspecting customers enter their card details. Victims make legitimate purchases but later find funds withdrawn without their consent, often from overseas locations like Italy. The typical sequence includes:
1. Customers attempt to complete contactless payments on compromised websites.
2. Upon entering a one-time password (OTP), they receive a message indicating the transaction failed.
3. Subsequently, they are prompted to re-enter their card information.
4. Days later, victims notice unauthorized withdrawals from their accounts linked to these failed transactions.

This growing method exploits existing vulnerabilities within local e-commerce systems, allowing criminals to capture data from cardholders’ devices. Fraudsters repeatedly withdraw funds, often reaching a card’s limit before victims detect the irregularities. By the time customers notify their banks, significant amounts of money may have already been removed from their accounts.

Banks assert that customers bear responsibility for these breaches by sharing their OTPs, thus suggesting that they compromised their account security. They maintain that as regulatory entities, entities like the Central Bank of Kuwait aren’t required to reimburse victims, particularly since these transactions were confirmed through valid OTPs.

Conversely, victims contend that they adhered to secure payment practices and were unaware of the compromised state of the shopping websites. They emphasize that many sites misrepresented support for secure payment methods like Apple Pay or Google Pay, indicating possible malicious code presence. This contradiction suggests a significant flaw in the security measures of these websites, shifting some liability away from customers.

As this issue continues to affect numerous shoppers, it is essential to understand how to protect oneself from such fraudulent activities in the e-commerce landscape.

The increase in hacking incidents targeting Kuwaiti shopping sites raises serious concerns for both consumers and banks. The method of exploiting e-commerce vulnerabilities to drain bank accounts reveals a gap in security practices and consumer protection. While banks attribute responsibility to customers for sharing OTPs, victims argue that misleading website functionalities contribute to the breaches. Addressing this issue requires improved security measures and clearer accountability from both financial institutions and online vendors.

Original Source: www.arabtimesonline.com