How does Mashreq work to ensure it’s always one step ahead of cybercriminals?
I think “one step” is a very good choice of words. Cybercriminals keep coming up with creative new ways of doing fraud, and the banks have to keep employing even more creative ways to overcome them. At Mashreq, we use a combination of global best practices, expert advice from Mastercard/Visa, our in-house learning from the cases we’ve seen, as well as learnings shared by law enforcement or other authorities.
We are also working on new-age solutions like biometrics, risk-based and step up authentication, which ensures customers enjoy frictionless payments, while being protected from fraud.
I would like to share the latest innovation we have done to protect our customers. It’s simple, but we are confident it will be very effective:
Over the past few months, we noticed a new trend of fraud where a customer intends to make a small payment at what seems like a genuine, functional website. It could be Dh10 for an international courier delivery, or Dh20 for a great deal at a well-known pizza brand. But what’s happening at the back end is that the websites are run by fraudsters and they use the website to steal one-time passwords and conduct unauthorised transactions.
What did we do? We revised our OTP SMS format so that it also includes the transaction amount, the merchant name, and OTP in that order. The layout (intentionally) is such that customers will be forced to read the amount and the merchant name before they see the password. We are confident that this will reduce frauds as customers notice that the amount and merchant is not what they intended it to be. This new format should become industry standard soon, until the region moves on to soft tokens or other risk-based solutions
What does Mashreq do to promote security awareness for its customers?
We keep our customers aware by a) being transparent and b) keeping them aware. We constantly educate our customers on the importance of keeping their financial details safe, educate them on how to protect themselves from various evolving fraud trends, and what to do when they suspect fraud:
1. Mashreq is a key participant and contributor in the UAE National Fraud awareness campaign run under the leadership of UAE Central Bank, UAE Banking Federation, Abu Dhabi police and Dubai police.
2. We are not afraid of transparently telling our customers exactly how a transaction dispute works. “Was it an ecommerce transaction without 3D secure password? No problem you will get all your money back”. “Was it a 3D Secure transaction with a password? Well, unfortunately it seems like you have been tricked into sharing the password, the liability will be with you”. We believe in transparency of information with our customers when it comes to their rights and liabilities in a disputed transaction. We are the only bank in the region and one of the very few banks globally which clearly informs customers of the liability in various types of transactions. Customers can visit Mashreq.com/ccdisputeform for a detailed snapshot of the same.
3. A monthly “anti-fraud tips” email and SMS is sent to the customers to assist them in their role in not becoming a victim of fraud.
4. We have a dedicated page on our website which is a collection of best practices of online security and card safety tips, which can be accessed at Mashreq.com/onlinesecurity and mashreq.com/cardsafety.
5. The last thing anyone wants when disputing a transaction is to have to go through difficult paperwork. We now offer paperless transaction dispute (no print, no signature). Customers can download a PDF form and email it to us.
6. We understand our customers’ need to travel with peace of mind. Our Mashreq Mobile App offers a range of controls that customers can access instantly:
Temporary card block
Set and Reset of PIN
Block and replacement of the card
Set-up transaction limits
Set -up daily limits
Set no. of transactions per day
Block merchant categories
Mashreq ensures that our customers enjoy the most convenient financial services. Our values include being passionate about clients while being socially responsible and transparent. We are committed to protecting our client’s financial security.