Dubai: The Dubai Civil Court of Appeal has ordered a local bank to indemnify a businesswoman who lost Dh48,000 after her current account was hacked.
The precedent-setting verdict overturned an earlier Dubai Civil Court decision that absolved the bank from any liability and blamed the complainant for compromising the security of her account's log in name and password which made the unscrupulous transfer of money possible.
According to the appellate court the bank should have informed their client each time a transaction was made. "The money was transferred from the businesswoman's account over two days. The bank should have informed the woman of each money transaction done during those two days. The bank informed her after four days… hence the bank is accountable for that mistake and the consequences that followed. The court decided that the bank is liable to repay the transferred amounts to the businesswoman," the appellate court said.
Court records said that the Asian businesswoman, who owns a fast food restaurant, lost Dh48,000 after she was victimised by a phishing syndicate who hacked into her account and illegally transferred the money to pay 86 mobile phone bills.
Phishing refers to the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and bank account numbers, online. The businesswoman's counsel, Gassan Daye, of Dr Habib Al Mulla and Co Advocates and Legal Consultants, told the court: "My client did not carry out those online transactions. The bills did not belong to her as well."
During the trial, the Dubai Civil Court sought the opinion of a banking expert who said that the businesswoman was responsible for the security of her transaction based on the online banking agreement she signed with the bank. In his report, the expert said the bank activated the client's mobile notification service four days after the money was transferred from her account.
The Civil Court dismissed the businesswoman's lawsuit, prompting her to elevate the case before the appeals court.
"The core problem of this case is that the expert's report failed to identify the identity of the person, who did the transactions over the Internet. My client did not carry out those online transactions. A hacker hacked into her account and paid the bills. The bank is responsible that money," the complainant's counsel argued.
According to the appellate verdict, the bank should have informed the claimant about each online transaction individually.
"The bank was mistaken by not informing the claimant about the online transactions except four days after they were done. The bank bears that responsibility and should repay the transferred amounts to the claimant. The bank should also pay the businesswoman 9 per cent legal interest as well," the appellate court said.