Hackers steal payment card information through legitimate websites
The rapid advancement of digital payment technologies has made transactions seamless and efficient. However, cybercriminals are now leveraging sophisticated hacking techniques to compromise payment cards, leading to unauthorized transactions abroad—particularly in Italy.
How the Scam Works
Recent reports indicate that hackers are manipulating smart payment systems to gain unauthorized access to customers’ financial data. Here’s how the fraud unfolds:
- Customers make legitimate purchases on Kuwaiti e-commerce platforms.
- During checkout, an option for contactless smart payments appears, requiring a one-time password (OTP).
- Upon entering the OTP, customers receive a failure notification and are prompted to retry by entering their card details manually.
- Despite receiving their purchased items, customers later discover unauthorized withdrawals from their accounts for international purchases.
Hackers have found ways to intercept digital payment data stored on smartphones, enabling them to use the information for fraudulent transactions. By the time victims notice suspicious withdrawals, cybercriminals have already maxed out their card limits.
Kuwaiti banks acknowledge the rise in these fraudulent transactions but emphasize that customers bear responsibility for their own financial security. Key points from banks include:
- The OTP was willingly entered by victims, making it a legitimate transaction in banking terms.
- The Central Bank of Kuwait serves only as a regulatory body and does not offer compensation for stolen funds.
- International transactions processed correctly cannot be reversed by correspondent banks.
Many affected customers argue that they are not at fault, claiming that:
- Hackers injected malicious code into reputable Kuwaiti websites, capturing payment details in real-time.
- Contactless payment options like Apple Pay, Google Pay, and Samsung Pay appeared on these sites, even when not officially supported by merchants.
- The fraud was not due to user negligence but rather a sophisticated cyberattack targeting legitimate transactions.
Reports suggest this form of cyber fraud has persisted in Kuwait for months, with no concrete solutions. Website operators have attempted to fix security flaws, but the precise method used by hackers remains unclear.
How to Protect Yourself from Digital Payment Fraud
To minimize the risk of falling victim to such scams, banks advise customers to:
- Set spending limits: Maintain a low spending cap on cards used for online purchases.
- Use virtual cards: Link digital wallets (Google Pay, Apple Pay, Samsung Pay) to a virtual card with a minimal limit.
- Be cautious with OTP requests: Smart payment transactions typically do not require an OTP; any unexpected request should raise red flags.
- Monitor transactions closely: Regularly check account activity and report unauthorized transactions immediately.