Connect with us

Tech updates

Your bank money can get stolen even without pin or OTP you probably didn’t know



One of the worst thing that can happen to you in this life after going through a lot, putting lots of effort, going through certain risk in life to make money, Is to discover that all your bank savings are gone.

Someone has gotten unauthorized access into your bank account (perhaps a cyber criminal).

I can’t imagine how the feeling will be like. Some people may even attempt suicide.

The sad thing here is that 95% of this account theft are caused by people’s carelessness and ignorance not the bank.

That’s why i have chosen this topic to enlighten you on ways your bank money can be stolen even without OTP or pin so you can be informed and protect your self.

Just as technology is rapidly advancing, cyber criminals are always devicing different techniques of stealing people’s bank money

With that said, here are 6 ways your bank money can get stolen even without OTP or pin

#1. Through online purchase from foreign site

One time password (OTP) are needed even though pin is not needed in most cases in making online purchase using any payment gateway in nigeria

but in most foreign website none is needed in making purchases online using your ATM card details.

Fraudsters can use only the details on your Atm card such as card number, expiring date and Cvv2 number to make purchases from foreign sites. They use your card details to buy products, gifts card on foreign website and then resell those goods.

Why is this possible?

Well, some payment gateway redirects you to your bank portal to complete your online transactions and while some don’t(mostly foreign ones)

Going to your bank portal to finish up your transaction is the reason you get one time password (OTP)

Most foreign payment gateway don’t redirect you to your bank to complete payment. All payment are completed on their platform.

That’s the reason you don’t get (OTP) during payment in most foreign site.

The first time i noticed this was possible, was when I purchased an online course of $12.99 on udemy, I only keyed in my card details and the payment was processed. I was surprised because I was expecting them to request for either my pin or OTP but none of that was requested.

To prevent fraudsters from stealing your bank money using this means don’t leave your card details exposed (cards eligible for online transaction)

ALSO READ  If You Are Using Gas To Cook Your Food, Take Note Of These Things In Order To Save Your Life

Don’t give your ATM card to someone to make withdrawal on your behalf as you may be a victim of fraudster who may steal your card details.

When your notice any unknown online payment using atm card, get the card blocked immediately through your bank app or by calling your bank’s customer care line.

Report such case to your bank and any relevant authorities for proper investigation.

Most of this fraudsters sell your card details to expert in black market to avoid been traced.

#2. Through the use of keyloggers

With a keylogger, A cyber criminal can intercept your personal details, bank login details, ATM card details, email login details, username, passwords and other confidential details

What’s a keylogger?

Keyloggers are software or app that records all your keyboard inputs. That is everything your type via keyboard.

keyloggers records every keyboard inputs both important and unimportant ones, the Cyber criminal gets to scans through for your vital details.

There are two ways fraudsters can use it to steal your bank money

It’s either they install it on their device and when you use their device for things like browsing, online shopping, Account funding, online transaction, email login and others, you unknowingly expose your confidential details.

They can also install it on your device.

They can do this through direct access to your device, spammy link or attachment file sent to your email, disguised software or app and other means best known to them.

When disguised software or apps are used, it will send the recorded details to the Cyber criminal’s server. They may also retrieve recorded detail through direct access to your device.

In phones this may replace your phone existing keyboard. You get a fake keyboard which records every input you make

Mind you if such app is giving certain permission on your phone settings such as permission be to read SMS,

This can send vital details such as verification code, OTP, to the fraudster when needed.

Tips that will help you prevent this

Don’t input bank details and any vital or confidential details while using other people’s phone for browsing

if you must do so ensure that person is trustworthy and not fraudulent

Install a good antivirus in your system (do frequent update when necessary) as this will help you detect and remove such

ALSO READ  This Is How the Internet of Things Works

Don’t download app or software from an unknown source, always check reviews and number of downloads before downloading

Check phone properly when you notice a different keyboard or change in your keyboard

Avoid spammy email and also attached file from an unknown source in emails and others

Most offers online are too good to be true, as you may be lured to click links and input certain vital details

Limit the access you give to unimportant apps on your phone settings

Use a strong devices lock e.g strong password, pin, fingerprint e.t.c

#3. Through email hack

There is more to this than your think.

You use your email account for almost all your online registration and as such they are use for password retrievals.

All your online login details of different platform saved on your browser especially chrome are all stored in your email account.

When your email get hacked, A cyber criminal can access your accounts on different platforms by either using password retrieval method or by viewing your saved login details.

Most of us save card details on different platform when we do online transaction e.g on shopping site, betting site, paid course site, payment site and others.

Not that they can transfer your money to other bank account when they get access but they can get you completely logged out and exploit your saved card or existing find.

your account get to be used for further transaction like further purchase, funding your betting account, pay for online courses e.t.c with the aid of your saved atm card details depending on the platform.

For Example

A friend of mine lost 30000 naira


This email got hacked, the hacker retrieved his bet9ja account password using the email, his winnings were transferred to another bet9ja account, his saved card details was used to fund the his bet9ja account and subsequent transfers were made. He had to call customer care to get this account blocked. All these were done because of hacked email.

To prevent this

Set two factor authentication in yours email as this will deny hacker access to your email even though they have your password

#4. Using your card details on an unsecured website (website without SSl certificate)

SSL certificate is an encryption that ensures that important data such as usernames, passwords, and debit card information is sent from the user to the website without the risk of interception.

ALSO READ  Out Of Call Card? See How To Make Someone You Are Calling Pay For Your Call

Before you use your card details on any site ensure it begins with https instead of http. E.g https// is secured while http// is not secured.

When a site is not secured, the site owner can intercept your personal details and card details when you input them on their site.

You can also identify a secured site with the padlock sign or the word secure written at the top left corner.

A good browser or antivirus will also help you detect an unsecured website.

#5. Downloading fake Bank app

Just as cyber criminals create fake bank site, they also create fake Bank app. When you download this app,

In the cause of using it. It request for your vital bank details which is then sent to the server of the cyber criminal when you input them.

To stay safe,

Don’t download bank app from an unknown source,

Always download from play store (for Android users) or app store(for iPhone users) and also,

Endeavour to check for reviews and the number of downloads before downloading any app.

#6. Lost SIM card

You use your sim for transfers, to get verification codes, OTPs, for email password retrieval and others.

When fraudsters get hold of your sim much damage could be done to you depending on the level of your vital details they possess.

Fraudsters have now device means to bypass ussd transfer pin so when they get your sim they are able transfer your money(depending your ussd transfer limit.)

To be on a safer side, endeavour to set pin lock on your sim, when you lose your sim it will be useless to them, as the pin code will deny them access to your sim.

If you are not comfortable with sim pin code, use phone lock but when you lose access to your sim you will need to contact your bank customer care line for quick deactivation or you go for welcome back immediately.


Ensure you follow the preventive measure listed and endeavour to call your bank immediately you notice any irregularities in your bank account.

Don’t forget to Share so others can learn this.