Riaz Naqvi | Special to Reach by Gulf News
This year has been hailed as the coming-of-age year for e-commerce in the UAE and the wider region. The arrival of Noon and Amazon on the scene is set to have a strong impact on the e-commerce sector, prompting customers to get their hands on a vast range of consumer goods and services, all available via a tap, click or swipe.
Last month, BMI Research forecast online sales in the Middle East to double in value to $48.8 billion (Dh179.3 billion) by 2021 – a faster rate of growth than anywhere else in the world. All this comes as banks, such as Mashreq, invest heavily in digital platforms to make the online shopping experience seamless and convenient for customers.
Rise in cybercrime
The Norton Cyber Security Insights Report 2016 reported that 49 per cent of UAE residents surveyed said they had been affected by some form of cybercrime in the previous year, with a total loss of $1.4 billion. Interestingly, millennials – a generation often associated with tech-savviness – were the largest group who encountered it, at 53 per cent.
“Both e-commerce and e-banking are growing at a rapid pace and are here to stay,” says Subroto Som, Head of Retail Banking Group at Mashreq (pictured right). “But as they are growing, so are some of the threats.”
“Providing a seamless customer experience and secure banking environment are the two key challenges facing financial institutions today,” says Som.
Growth in e-commerce comes as digital becomes the future in the UAE. Mobile phone penetration is now at a world-record high of 233 per cent. McKinsey's latest research reveals that at least 80 per cent of urban consumers in the UAE now prefer to do a portion of their banking through digital channels. As customers seek the convenience and ease of digital solutions to carry out their financial transactions, they may not be fully aware of the online risks that have risen, say experts.
Growth in e-commerce comes as digital becomes the future in the UAE
“We keep hearing about cybercrime and cybersecurity issues primarily in the context of corporates and institutions, but this doesn’t mean individuals and consumers are spared,” says Sam Foroutani, UAE Cybersecurity Leader, EY.
Tip 1: Threat awareness
The common cyberthreats targeting the Middle East are fraud e-mails, get rich scams, phishing, malicious apps, mobile SIM swaps, money mules and vishing, says Som. Mashreq, which is celebrating its 50th anniversary this year, is making huge investments in cybersecurity as digital payments gather pace in the country. “We invest millions of dirhams in keeping pace with the latest technology that’s available to protect our consumers and us. We also have a unit that specialises in cybersecurity and cybercrime. This is a constant challenge for the industry and a journey for Mashreq.”
Educating customers about risk is very important
Tip 2: Educating customers
For financial institutions, customers and their behavior represent a major risk to security – and access is no different. “Educating customers about risk is very important for us,” says Som. “Mashreq has an ongoing series of campaigns to educate customers about the potential risks and threats while transacting online and using the various banking channels.”
Cybersecurity begins with securing the basics: your username and password
Tip 3: Password security
For Som, cybersecurity begins with securing the basics: your username and password. “First and foremost, risk is about controls and access. Simple steps are important. These include changing your password frequently, not using the same one across services and making sure they are not easy to predict. Do not share your passwords, write them down anywhere, or share them over SMS or email. A lot of people take this for granted, but many frauds start from there.”
Stick to trusted devices for any kind of online transactions
Tip 4: Trusted devices and sites
Lulled by the convenience of digital devices such as smartphones, tablets and mobile applications, users may give little thought to security. “Whenever you download an app, you have to make sure it’s from a trusted site,” says Som. He also advocates sticking to trusted devices – ones that belong to you and under your control – for any kind of online transactions.
Stay informed about your bank accounts with mobile banking alerts
Tip 5: OTPs and mobile alerts
Additionally, customers need to ensure they are using security protocols such as one-time passwords and SMS verification. Should a person suspect their connection or device has been compromised, it is crucial they inform their bank immediately. Staying informed about your bank accounts with mobile banking alerts is important for secure online transactions, says Som. It is important to change PIN/passwords regularly and avoid sharing account details on e-mail or unauthenticated calls.
Tip 6: Protecting against phishing
Phishing is a common threat to e-commerce in the region, explains Som. “These are typically lookalike sites to an e-commerce or e-banking portal. The fraudster tries to capture the user’s cyber identity, then goes to the actual bank’s website and carries out the fraud.” To protect yourself against phishing, you have to be careful about the website you are in while doing the transaction, says Som. “To do that, it is better to type the actual site address (URL) into browser address line, as opposed to just clicking your favourites and going to the site. This is simple, yet important for consumers.”
To protect against phishing, be careful about the website during the transaction
Tip 7: Basic cyber hygiene
Haider Pasha, Chief Technology Officer – Emerging Markets at Symantec, says customers in the region today are more aware of cyberthreats. “When you go back and look at the past 10 years, which isn’t that far, we’ve started to see a strong increase in awareness, which is primarily led by the government,” he says. “Additionally, the banks are doing a great job of making sure their consumers have a basic level of cybersecurity hygiene as they transact online as well.”
Social media is being used by cyberattackers to dupe victims
Tip 8: Social media attacks
Today the rise of social media has helped cyberattackers and would-be hackers build a more realistic facade for duping their victims, adds Pasha. “If you are a person of high-net-worth, you’ve probably got more than one social media account. With a presence on the likes of Facebook, Twitter and LinkedIn, based on three or four profiles, I could probably deduct what type of an individual you are, the kind of people you meet and the places you like visiting. Based on that information, I can get a very good idea of who you are and actually try and contact you using social engineering.”
Tip 9: Voice-vishing
The likes of phishing have also evolved to include voice-vishing, says Pasha, which uses an automated dialer system in order for a person to actually call in and share some information that they really shouldn’t. Pasha says clients need to check their security settings to see if such protocols are active. “Most banks will give you the option of using a virtual keyboard, which is something you should definitely do because your machine might be infected with a virtual key logger.”