According to Kartik Taneja, Head of Payments at Mashreq Bank, since the outbreak of the coronavirus, the use of e-commerce in the UAE has grown exponentially. “From a pre-Covid average of around 30 per cent, e-commerce now represents almost 50 per cent of transaction value at Mashreq, which has been recognised as the Best Consumer Digital Bank and the Most Innovative Digital Bank in the UAE (Global Finance 2020). This figure of 50 per cent is significant as it happened within the context of a reduction in airline and hotel bookings,” he says.
With such a large increase in people’s online transactions, there has also been substantial growth in cybercrime and hacking. In December, Mohamed al-Kuwaiti, head of UAE Government Cyber Security, addressed the Gulf Information Security Expo and Conference in Dubai. He said that since the outbreak of the pandemic, there has been a 250 per cent increase in cyberattacks in the UAE. “There is a cyber pandemic, not only a biological pandemic,” he said.
According to a recent report by global cybersecurity company Kaspersky, the UAE experienced more than 15.8 million brute force attacks (where trial-and-error is used to guess login info) on remote desktop protocols (RDP) in 2020, illustrating the scale of the cyber security issue.
We constantly educate our customers on the importance of keeping their financial details safe, and educate them on how to protect themselves from various evolving fraud trends.
As more UAE residents work remotely and pay for their groceries and other items through e-commerce sites using their credit cards, what steps are banks taking to ensure their customers’ details are secure?
A progressive approach
In his UAE Banking Perspectives 2020 article, Sheikh Shadab Nawaz, Director Digital & Innovation, KPMG Lower Gulf, said, “Currently, the more progressive banks recognise cyber security is not purely a ‘technology problem’ but rather a wider business challenge that requires business ownership and strategic development, with clear, aligned support from technology teams.
“These banks tend to have their information-security risk management processes closely integrated with the overall enterprise risk management framework, to ensure every risk decision is made based on their defined-risk appetite. Chief Information Security Officers (CISOs) have generally reoriented their focus from just ‘keeping the lights on’ to being fully cognizant of the business side of these issues.”
Nawaz also said that banks that train their employees on cyber security have managed to achieve some significant advantages in keeping their customers’ data safe. “Some banks have achieved encouraging results through training employees to develop cyber scenarios, thereby building an understanding of the nature of cyber incidents and their impact on the business. These banks are tailoring information-security training to raise awareness of specific threats (including gamification that engages their audiences), rather than providing standard training,” he said.
Protecting the public
Taneja says that Mashreq have taken a number of steps such as the use of data encryption and educational campaigns to protect members of the public. “We use global best practices, including those suggested by Visa, MasterCard and other payment schemes. Solutions like 3-D Secure (sending a password before a transaction is completed), PCI-DSS compliance [Payment Card Industry Data Security], data encryption as per global standards, and other measures give customers peace of mind,” he says.
“We are also working on new-age solutions like risk-based authentication, which ensures customers enjoy frictionless payments, while being protected from fraud. One of the most important measures is consumer education. We constantly educate our customers on the importance of keeping their financial details safe, and educate them on how to protect themselves from various evolving fraud trends.”
Taneja says that if someone thinks the personal financial information is no longer safe, they should act as quickly as possible and block their cards. He says that individuals should also report any disputed transactions. “The moment a customer feels their details have been compromised or their card is being misused, they should log on to Mashreq Mobile app and click on card control to temporarily lock their card, which is done instantly. We ask for temporary lock because, in many cases, customers eventually realise that a transaction they were worried about was genuine,” he says. “If the customer still suspects fraud, they can also use the mobile app to request for a replacement card, which will be couriered to them in one to two working days. Any disputed transactions need to be handled by visiting our website at www.mashreqbank.com and emailing us the filled out dispute form. Mashreq works diligently with stakeholders, including payments schemes, to maximise the chances of successful dispute refunds.”