Cybercrimes are a global nuisance which cost businesses nearly $1 trillion in the year 2020. The digitizing of financial systems brings various elements with malicious intent into the equation causing substantial losses to individuals and organizations.

Pakistan is not immune to these events with cases of phishing, with ATM skimming and social engineering causing people to lose money from their bank or mobile wallet accounts.

Despite security features of digital banking platforms and repeated warnings from service providers, users continue to fall victim to fraudulent activities in which their account is compromised because of sharing OTP/PINs.

OTP is a secure, system-generated ID that enables digital transactions and is one of the most highly confidential pieces of information which must not be shared under any circumstances.

In order to take an OTP from a user, fraudsters employ different kinds of techniques, ranging from posing as government/bank’s representatives or military personnel, pretending to be a friend/acquaintance to simply claiming that they have transferred money to the user’s account by mistake.

Although every OTP SMS says that the OTP should not be shared with anyone, through social engineering fraudsters are often able to convince user to do so, after which they gain access to the victim’s account and transfer funds out.

Banks and financial institutions continue to make customers aware that the organization will never call and ask them to enter an OTP or their PIN at any website, pop-up notification, or reveal it in any other way.

The onus of protecting their accounts is on customers by staying vigilant and keeping their sensitive information confidential in order to avoid being defrauded.

A bank official will never ask a user to share their sensitive details/information over call, email, or SMS and therefore, users must not share their OTP or secure PIN under any circumstances with anyone, no matter who they claim to be.