9 tips for safer online shopping in the UAE

This year has been hailed as the coming-of-age year for e-commerce in the UAE and the wider region. The arrival of Noon and Amazon on the scene is set to have a strong impact on the e-commerce sector, prompting customers to get their hands on a vast range of consumer goods and services, all available via a tap, click or swipe.

Last month, BMI Research forecast online sales in the Middle East to double in value to $48.8 billion (Dh179.3 billion) by 2021 – a faster rate of growth than anywhere else in the world. All this comes as banks, such as Mashreq, invest heavily in digital platforms to make the online shopping experience seamless and convenient for customers.

Rise in cybercrime

The Norton Cyber Security Insights Report 2016 reported that 49 per cent of UAE residents surveyed said they had been affected by some form of cybercrime in the previous year, with a total loss of $1.4 billion. Interestingly, millennials – a generation often associated with tech-savviness – were the largest group who encountered it, at 53 per cent.

“Providing a seamless customer experience and secure banking environment are the two key challenges facing financial institutions today,” says Som.

E-commerce boom

Growth in e-commerce comes as digital becomes the future in the UAE. Mobile phone penetration is now at a world-record high of 233 per cent. McKinsey's latest research reveals that at least 80 per cent of urban consumers in the UAE now prefer to do a portion of their banking through digital channels. As customers seek the convenience and ease of digital solutions to carry out their financial transactions, they may not be fully aware of the online risks that have risen, say experts.

“We keep hearing about cybercrime and cybersecurity issues primarily in the context of corporates and institutions, but this doesn’t mean individuals and consumers are spared,” says Sam Foroutani, UAE Cybersecurity Leader, EY.

Tip 1: Threat awareness

The common cyberthreats targeting the Middle East are fraud e-mails, get rich scams, phishing, malicious apps, mobile SIM swaps, money mules and vishing, says Som. Mashreq, which is celebrating its 50th anniversary this year, is making huge investments in cybersecurity as digital payments gather pace in the country. “We invest millions of dirhams in keeping pace with the latest technology that’s available to protect our consumers and us. We also have a unit that specialises in cybersecurity and cybercrime. This is a constant challenge for the industry and a journey for Mashreq.”

Tip 2: Educating customers

For financial institutions, customers and their behavior represent a major risk to security – and access is no different. “Educating customers about risk is very important for us,” says Som. “Mashreq has an ongoing series of campaigns to educate customers about the potential risks and threats while transacting online and using the various banking channels.”

Tip 3: Password security

For Som, cybersecurity begins with securing the basics: your username and password. “First and foremost, risk is about controls and access. Simple steps are important. These include changing your password frequently, not using the same one across services and making sure they are not easy to predict. Do not share your passwords, write them down anywhere, or share them over SMS or email. A lot of people take this for granted, but many frauds start from there.”

Tip 4: Trusted devices and sites

Lulled by the convenience of digital devices such as smartphones, tablets and mobile applications, users may give little thought to security. “Whenever you download an app, you have to make sure it’s from a trusted site,” says Som. He also advocates sticking to trusted devices – ones that belong to you and under your control – for any kind of online transactions.

Tip 5: OTPs and mobile alerts

Additionally, customers need to ensure they are using security protocols such as one-time passwords and SMS verification. Should a person suspect their connection or device has been compromised, it is crucial they inform their bank immediately. Staying informed about your bank accounts with mobile banking alerts is important for secure online transactions, says Som. It is important to change PIN/passwords regularly and avoid sharing account details on e-mail or unauthenticated calls.

Tip 6: Protecting against phishing

Phishing is a common threat to e-commerce in the region, explains Som. “These are typically lookalike sites to an e-commerce or e-banking portal. The fraudster tries to capture the user’s cyber identity, then goes to the actual bank’s website and carries out the fraud.” To protect yourself against phishing, you have to be careful about the website you are in while doing the transaction, says Som. “To do that, it is better to type the actual site address (URL) into browser address line, as opposed to just clicking your favourites and going to the site. This is simple, yet important for consumers.”

Tip 7: Basic cyber hygiene

Haider Pasha, Chief Technology Officer – Emerging Markets at Symantec, says customers in the region today are more aware of cyberthreats. “When you go back and look at the past 10 years, which isn’t that far, we’ve started to see a strong increase in awareness, which is primarily led by the government,” he says. “Additionally, the banks are doing a great job of making sure their consumers have a basic level of cybersecurity hygiene as they transact online as well.”

Tip 8: Social media attacks

Today the rise of social media has helped cyberattackers and would-be hackers build a more realistic facade for duping their victims, adds Pasha. “If you are a person of high-net-worth, you’ve probably got more than one social media account. With a presence on the likes of Facebook, Twitter and LinkedIn, based on three or four profiles, I could probably deduct what type of an individual you are, the kind of people you meet and the places you like visiting. Based on that information, I can get a very good idea of who you are and actually try and contact you using social engineering.”

Tip 9: Voice-vishing

The likes of phishing have also evolved to include voice-vishing, says Pasha, which uses an automated dialer system in order for a person to actually call in and share some information that they really shouldn’t. Pasha says clients need to check their security settings to see if such protocols are active. “Most banks will give you the option of using a virtual keyboard, which is something you should definitely do because your machine might be infected with a virtual key logger.”