Dubai: It was past midnight when Fahmi received a text message in Dubai about a purchase worth Dh7,000 from a store in the United States. His credit card had been used for the purchase.
The 37-year-old Dubai-based engineer immediately knew that he had become a victim of credit card fraud as he had never travelled to the US. He called his bank and reported the scam before getting his card blocked and changing the PIN to prevent further misuse. Fahmi then filed a transaction dispute with his bank and a police complaint as well.
“The bank accepted my request to investigate the fraudulent transaction and after eight weeks, the money was returned to my card account after the bank confirmed that it wasn’t me who had used the card in America,” Fahmi told Gulf News.
However, Fahmi is not the only victim to have fallen prey to a credit card fraud. Individuals and businesses around the world have had to deal with such nightmares. The issue of cybercrime involving bank accounts and credit cards is not a new one. For the last several years, the world has been rocked by headlines involving prominent individuals, companies and even governments that have fallen victim to cyberattacks.
Cyberattacks on the rise
As the world has become dependent on online transactions, more so after the COVID-19 pandemic, cyberattacks have increased significantly and the methods used by cybercriminals have become even more sophisticated and innovative.
According to Wageh Amin Abdelaziz, senior legal adviser at World Centre, banking transactions have a solid legal protection in the UAE under Federal Law No 14 of 2018. “The law can punish whoever intentionally discloses confidential banking and credit information related to a customer’s account, deposits, safe deposit boxes and trusts with licensed financial institutions and related transactions. The punishment is imprisonment and a fine between Dh100,000 to Dh500,000,” Abdelaziz told Gulf News.
He pointed out that punishment for anyone violating Article 120 of the same law states: “All data and information relating to customers’ accounts, deposits, safe deposit boxes and trusts with licensed financial institutions and related transactions shall be considered confidential in nature and may not be perused, or directly or indirectly disclosed to any third party without the written permission of the owner of the account or deposit, his or her legal attorney or authorised agent and in legally authorised cases.”
Detecting internal and external fraud
He said UAE Central Bank has a customer protection system to regulate the relationship between customers and financial and banking service providers.
“The framework obliges licensed financial institutions to use their resources to detect internal and external frauds as well as prevent them in the future,” he added.
UAE law can punish whoever intentionally discloses confidential banking and credit information related to a customer’s account, deposits, safe deposit boxes and trusts with licensed financial institutions and related transactions. The punishment is imprisonment and a fine between Dh100,000 to Dh500,000.
Abdelaziz said banks and financial institutes should compensate the customer in cases of cybercrimes and misuse of data if the loss is not due to the negligence of the customer. “Don’t fall prey to phone calls from fake bank agents or officials, asking you to update your data or account details. Banks won’t call you for updating your account. Don’t be the reason behind losing your money or hacking into your accounts,” Abdelaziz cautioned.
More punishments for fraudsters
Moreover, lawyer Mohammad Al Najar told Gulf News that victims can report any incident of fraud to the police who will then refer the case to public prosecution for investigation, before referring the case to courts for punishment.
Punishment is either imprisonment, fine or both on whoever gains access without legal authority to credit, electronic card number, data, bank account numbers or any other electronic payment method by using the internet or any information technology means.
Protecting bank customers’ rights
“The punishment is either imprisonment, fine or both on whoever gains access without legal authority to credit, electronic card number, data, bank account numbers or any other electronic payment method by using the internet or any information technology means. UAE has protected its bank customers’ rights if their accounts are hacked,” Al Najar explained.
According to Article 12 of UAE Federal Law No 5 of 2012, the punishment shall be six months of imprisonment and a fine between Dh100,000 to Dh300,000 or either of these two penalties. “If a person illegally obtains funds belonging to others, whether for himself or herself or for others, then the offender shall be sentenced to one year in jail and a fine between Dh200,000 to Dh1 million will be slapped on him or her or either of these two penalties shall be applicable.”
What do the banks say about credit card frauds
Kartik Taneja, executive vice-president and head of Payments at Mashreq Bank, spoke about ‘phishing’ attacks and scams involving a form of ‘social engineering’, wherein, cybercriminals attempt to ask for or gain access to sensitive financial details, such as credit card numbers, or one-time passwords (OTPs) usually sent by a bank, to complete a transaction.
“Last year, UAE residents were targeted by cybercriminals posing as representatives of e-commerce or delivery companies, asking for the customers’ bank details to complete a delivery. Although the details of the consignment were not specified, the call itself created some curiosity in the customer,” said Taneja,” he added.
Disputing fraudulent transactions
Taneja said that customers have a right to dispute any contentious or suspicious transaction and file a police complaint against fraudsters if their location is determined. “There are already well-established rules for disputed transactions and chargebacks, as defined by companies such as Mastercard and Visa. In general, once a request is received, banks around the world conduct a careful review of the unique circumstances of each case and utilise their expertise and knowledge of various ‘dispute types’ to arrive at a decision,” Taneja added.
In most cases, an investigation into a dispute can take between eight and 12 weeks to be completed.
Once a request is received, banks around the world conduct a careful review of the unique circumstances of each case and utilise their expertise and knowledge of various ‘dispute types’ to arrive at a decision.
According to Taneja, banks can choose to issue temporary credit to the affected customer so that he or she has sufficient funds available to meet immediate spending needs. “At Mashreq Bank, for example, we have a policy of immediately providing all eligible customers with temporary credit equivalent to the disputed amount, so that their spending needs are met,” he added.
Dealing with the aftermath
Taneja said that first, it is important to immediately block one’s credit card or debit card and change all passwords related to the cards that might have been compromised. “You can usually get this done without visiting a branch, through internet or mobile banking. Next, you must report the scam to your bank to attempt to recover your funds.”
One of the most common misconceptions is that a bank can “stop” a fraudulent transaction after it has already taken place. “Generally, all transactions are approved by the bank after successful authorisation. Depending on the sophistication of your bank, it may use high-tech capabilities in order to detect transactions that match potentially fraudulent transactions and block them,” said Taneja.
“However, if a transaction has already been approved, the bank cannot reverse it. It is then the responsibility of banks concerned to work with the customer as well as other stakeholders in order to maximise chances of recovery,” Taneja said.