Dubai: The Dubai Court of Appeal has upheld a judgment which held a local bank responsible for a Dh4.7 million SIM card swap fraud.
Ghassan El Daye, Partner and Head of Litigation for the Middle East with the UK-based law firm Charles Russell Speechlys, said that in a landmark judgment, the Dubai Commercial Court found a local bank responsible for a SIM card swap fraud that cost a customer Dh4.7 million in life savings.
The case dates back to 2017 when the customer’s money was stolen from his account which the bank had then closed without his knowledge.
EL Daye said that Dubai Court of Appeal upheld the Commercial Court judgment on Wednesday.
El Daye said the court has ordered the bank to pay the customer Dh4.7 million with a nine per cent interest from the date the case was lodged.
“Our client had come back on a visit to the UAE in May 2017 to discover his account had zero balance. The man was informed his account had been closed and was advised by bank employees to file a criminal case. But our team recommended to him to file a civil claim to get his money,” said El Daye.
Despite the bank’s argument insisting on the issue being the account holder’s responsibility since he possessed the original SIM card and PIN number, and had failed to object to the transactions within 30 days from reviewing his account statement, the court ruled in the man’s favour.
After being ordered to pay its client Dh4,6 million, which includes his money and an additional Dh100,000 in compensation with a nine per cent interest to be paid from the date the case was lodged, the bank appealed the verdict.
Appeal court judges appointed banking and technical experts to look into the responsibility of the bank in terms of negligence, lack of supervision and control that led to the account being breached.
“The experts’ report held the bank responsible for our client’s financial loss due to a lack of technical protection of his confidential data and that of safe electronic procedures and investigations at the bank,” added El Daye.
“It also indicated a clear technical failure at the bank by issuing and delivering a credit card to a client who is actually outside the country, in addition to the lack of strong procedures to prevent the breach from happening.”
The report said that a double-factor authentication system at the bank to control who among its employees is allowed access to clients’ accounts and confidential data, did not exist.
It also said the absence of an alarm system that monitors suspicious transactions from accounts, especially inactive ones, contributed to the man’s money being stolen through cash withdrawals, 15 online transfers and purchases via the victim’s credit card.
“The report’s findings came in favour of our legal team’s argument regarding our client’s confidential data including his official documents and contact numbers, being illegally divulged to others by an employee of the bank,” El Daye said.
“This case sets a precedence in the country, as it holds a financial institution liable for a fraud case involving a replacement SIM card, which is now an important element of banking operations in the country and the world.”
How SIM swap card scam works
Once cyber criminals have gathered enough information on a target, they create a false identity. First, they call the victim’s cell phone provider claiming that his or her SIM card has been lost or damaged. Then they request a replacement SIM. Most telecom providers won’t acquiesce to those requests unless security questions are answered, but the fraudsters come prepared, using the personal data they’ve collected to defeat the security checks.
As the victim’s SIM card stops working, the criminal gains access to any online service that requires security codes to be sent to a user’s mobile phone. Banks do ask for confirmation via text messages to the phone number but since it’s already with the criminal, victims remain in the dark even after their bank accounts have been drained.
How to protect yourself from SIM swap fraud
If your cell phone number stops working for an unknown reason, get in touch with your telecom operator immediately.
Register your number for SMS and email alerts to stay updated about transactions on your bank account.
Don’t respond to unsolicited calls and text messages asking for your bank details.