Muscat: Bank Muscat on Sunday said it is examining all options to recover $39 million it lost in a major fraud unveiled by US authorities last week.
"Bank Muscat is aware from press reports that a number of arrests in different jurisdictions have taken place in relation to the prepaid debit card fraud incident which we disclosed on February 25 and 26," the bank said in a disclosure statement posted on MSM website Sunday.
"We reiterate that we are exploring all avenues of recovery so as to protect shareholder interests and will advise the markets accordingly if there are any material developments in this regard."
In a globally coordinated campaign, hackers broke into two payment processing companies in India that handled the prepaid debit cards for two Gulf banks — Bank Muscat and National Bank of Ras Al Khaimah. The payment processing firms were EnStage, which operates from Bangalore, and ElectraCard Services, which is based in Pune, according to Reuters. Bank Muscat had outsourced its card processing functions to EnStage.
US and German authorities have so far arrested nine — seven in the US and two in Germany — for their alleged involvement in the $45 million pre-paid travel card fraud. Members of a global criminal organisation hacked into two outsourced credit card processors and used stolen data to make more than 40,500 withdrawals in 27 countries. According to reports, the hackers allegedly increased the available balance and withdrawal limits on prepaid MasterCard debit cards issued by the two banks. They then distributed counterfeit debit cards to 'cashers' around the world enabling them to siphon millions of dollars in a matter of hours.
Bank Muscat reported in February that its pre-paid travel cards were hit by fraud, forcing it to take OMR15 million ($39 million) provision.
The other bank involved hit by the cyber attack, National Bank of Ras Al Khaimah (RAKBANK), said that the potential loss was $4.7 million and this had been fully provided for before it closed its 2012 accounts.