Certain vulnerabilities have been identified in the security system of the state institution "PrivatBank," which allow fraudsters to carry out unauthorized withdrawals from clients' cards.
This information was shared in a complaint on the "Minfin" portal. PrivatBank explained the circumstances under which it cannot guarantee the protection of its clients' funds.
A client of "PrivatBank" reported receiving a notification on their phone about an attempt to withdraw funds, but the operation was declined due to insufficient balance.
"Today, just before six in the morning, I saw a message from Privat24 saying 'insufficient funds.' I didn't have enough for a Domino's pizza in Houston. I look around - but I'm not in Houston, nor even in the USA. We live in a time when card details can be stolen" even from trusted websites, so if this had been an online payment attempt, I wouldn't have even bothered to report it here," the "PrivatBank" client stated.
The "PrivatBank" client is astonished by the situation, as it was a contactless card payment, and the card was with him, along with his ApplePay device.
The PrivatBank support operator is unsure how this contactless transaction was executed.
"The operator performed all their duties, but I have questions for the bank. How could a contactless payment occur if the card was with me, and I did not receive any notifications about being added to unfamiliar devices for Apple Pay or Google Pay?" the Ukrainian noted.
He speculated that the card details might have been stolen online, and in that case, he set a zero limit on internet payments. The main question for the bank is how the security system allowed the card information to be added to a device for contactless payments without prior notification.
The client believes he was fortunate that there were no funds on the card, as in the case of a payment attempt, the internet limit would not have activated, and the card could have been "cleaned out" within minutes.