DUBAI (Reuters) - Bank Muscat BMAO.OM, the main victim of a $45 million global cyber heist, is examining all options to recover the money it lost in an unprecedented fraud brought to light by U.S. authorities.
In a globally coordinated campaign, hackers broke into two unidentified payment processing companies in India that handled the prepaid debit cards for two Middle Eastern banks, including Bank Muscat, U.S. prosecutors said on Thursday.
The payment processing firms were EnStage Inc, which operates from Bangalore, and ElectraCard Services, which is based in Pune, several sources told Reuters.
Bank Muscat had outsourced its card processing functions to EnStage, according to the sources.
The Omani lender reported in February that its pre-paid travel cards were hit by fraud, forcing it to take a 15 million rial ($39.0 million) loss provision.
"Bank Muscat is aware from press reports that a number of arrests in different jurisdictions have taken place in relation to the prepaid debit card fraud incident which we disclosed on February 25 and 26," it said in a brief statement to the stock exchange on Sunday.
"We reiterate that we are exploring all avenues of recovery so as to protect shareholder interests and will advise the markets accordingly if there are any material developments in this regard."
It gave no additional information in the statement on the measures taken to recover the funds.
The other bank involved hit by the cyber attack, National Bank of Ras Al Khaimah (RAKBANK), said on Friday that none of its customers had lost any money as a result of a cyber fraud which resulted in a loss at the Gulf bank in 2012.
($1 = 0.3850 Omani rials)
Reporting by Dinesh Nair; Editing by Andrew Torchia and Daniel Magnowski