Standard Chartered Bank appears to have recently encountered a major security flaw: customers of the bank have allegedly lost more than Rs. 50,000 – 70,000 because online transactions are being verified without requiring a One Time Password (OTP). The flaw was reported on Twitter by Habibullah Khan, cofounder of RAPTR games.
Due to a Security Flaw, Multiple Transactions Occur Without OTP Verification
According to Habibullah, multiple transactions were made automatically on his Standard Chartered debit card, and money was withdrawn from his account without any OTP verification. He says the transactions sometimes happen with Apple Store or Uber, and he loses money every time. He supports his claim with a screenshot that shows several online payments made to Apple without an OTP being submitted.
1/n There is a serious security issue at Standard Chartered Pakistan @StanChartMENAP – If you are a Standard Chartered Customer or know a Standard Chartered customer please read this.
In a matter of minutes people have lost 54,000 to 72,000 rupees pic.twitter.com/8R5bM0Vnma
— Habibullah Khan (@Huk06) July 26, 2022
Moreover, Standard Chartered has neither admitted to having this problem nor addressed it. The bank has only said that it is investigating the problem and that this may take up to 4 months “as per Visa International association guidelines for closure”. The screenshot below shows that Habibullah is not the only victim of this issue, as dozens of others have reported it on social media.
Happened with me. Woke up to 75,600 gone from the credit card. Checked with other people and happened the same with them over the course of months. @StanChartMENAP couldn’t care less to fix this security issue. https://t.co/ZkR2wWMFDz
— S. (@Shahkaarr) July 26, 2022
Standard Chartered Claims That There is No Problem on Their End
Standard Chartered, on the other hand, has said that there are no problems on its end and that its systems remain unaffected. The bank claims that this only happens with non-compliant merchants or if a card is used on an infected device. The official statement from Standard Chartered states, “For reasons of client confidentiality we cannot share any details. Rest assured, we have robust processes and procedures in place and our systems have not been affected.”