Banks use two options for additional security to verify user identity during sensitive operations, such as financial transfers or login. Typically, an OTP (One-Time Password) code is sent via text message to the customer's phone number registered with the bank, with an emphasis on the need to maintain its complete secrecy. Confirmation of the transaction, in turn, is requested through the app by scanning a specific arrow within the bank's smart application window.
In detail, banker Tamer Abu Bakr told Al Ittihad: "According to banking laws and regulations, banks are obligated to provide advanced protection systems to ensure transaction security. However, this responsibility is not absolute; it is matched by the customer's responsibility to maintain the confidentiality of their data." Abu Bakr explained: "The bank is liable in specific cases, including a technical or security glitch in the bank's systems, if the bank fails to take sufficient measures to verify suspicious transactions, and if the bank delays responding to a customer's report of fraud."
Two bankers confirmed to Al Ittihad that banks do not bear responsibility for any hacking of a customer's bank account and do not compensate the customer if it is proven that the customer themselves confirmed transactions or payments through the bank's smart app, or entered their password and OTP code. They pointed out that this is the most common case, in which a customer enters their data or confirms purchase transactions without sufficient attention. Conversely, they clarified that banks are liable to compensate the customer in specific cases, the most prominent of which are: a technical failure in the bank's systems, if the bank fails to take adequate measures to monitor and combat suspicious transactions, and if the bank delays its response to a customer's report of their account being hacked.
It is worth noting that banks operating in the country have recently shifted to confirming transactions and electronic payments through the bank's smart app, while the OTP code remains optional.
In turn, Abu Bakr confirmed that the customer bears responsibility if it is proven that they shared the OTP code with anyone, even if they believe it is a bank employee, or if they entered the code on an untrusted website or link, or ignored the bank's repeated warnings not to share this data. He explained that in such cases, banks are not obligated to compensate the customer, as long as investigations prove that the error was made by the customer themselves. He added that the procedure in this case involves the customer obtaining an official bank statement and presenting it to the police, who in turn take over the matter.
For her part, banking expert Sheikha Ali said: "Banks continuously strive to raise awareness among their customers through text messages and official applications, constantly emphasizing a clear phrase: 'Do not share your verification code with anyone.'" She noted that this warning helps strengthen the bank's legal position in cases of fraudulent transactions resulting from the customer's violation of these instructions, which absolves the bank of compensation liability in case of financial loss. She added that "competent authorities examine each case separately, taking into account the customer's behavior and the extent of the bank's compliance with protection measures," pointing out that in many cases, the customer was assigned a significant portion of the responsibility upon proof that they shared the OTP code.
Ali also provided a set of tips for customers, the most important of which are: never sharing the OTP code under any circumstances, ignoring any calls requesting banking information, relying only on the banks' official applications, and immediately reporting any suspicious activity.
She stressed that protecting bank accounts from hacking attempts is a shared responsibility between the bank and the customer; while banks must continuously develop their security systems, the customer's awareness and commitment to safety guidelines remain the first line of defense against fraud.
Banks and Customers: Shared Responsibility for Security
Banks implement two-factor authentication to protect transactions, yet responsibility for financial data security is shared. Customers must remain vigilant and not share OTP codes to prevent fraud and financial loss.