Banks urged to share hack info

The Central Bank of the UAE has called on the country’s financial institutions to prevent future online security and ATM breaches by better sharing information about incidents, Emirates Bank has revealed.

  • E-Mail
By  Diana Milne Published  July 16, 2006

The Central Bank of the UAE has called on the country’s financial institutions to prevent future online security and ATM breaches by better sharing information about incidents, Emirates Bank has revealed. According to Abdulla Quassem, general manager of IT and operations at Emirates Bank, the Central Bank called for a meeting of banks in the UAE following a spate of security attacks — including phishing and ATM fraud incidents — in the region. Quassem said that, at the meeting, the Central Bank urged those present to better share information among themselves about any fraud and security incidents they experience. This sort of information sharing has improved, revealed Quassem, but needed to happen more frequently if banks were to combat security incidents. “The Central Bank called for a meeting and they advised the banks that they should be more cooperative — banks should exchange more information if they came to know about any hacking or any kind of a fraud,” he said. “Compared to two years back, we have become far better now in terms of exchanging information, but always there are improvements that can be done in terms of exchanging the ideas and information,” he stated. “So if I come across something in my bank, some fraud or something, I think it’s the duty of the bank to inform them (the other banks) either through the Central Bank or through the internal network to other banks,” he continued. “Breach of security is not a competitive advantage that someone should take against the competition. Security is a common duty among all of the banks,” Quassem added. The meeting followed an incident last month in the Umm Sequim area of the UAE where a skimmer and pin-hole camera were attached to an Emirates Bank ATM machine. Details of customers from several banks that used the machine were recorded then the details given to fraudsters in Eastern Europe who made copies of the cards and used the pin numbers to withdraw money from a handful of customers accounts. The bank took action by blocking access to its network from certain countries in Eastern Europe. Quassem said the number of accounts hit was “very minimal” as was the amount taken from the accounts, which was fully refunded to the affected customers. “Of course the attempt was on more than ten or 12 accounts but it was unsuccessful because we already knew about it and we blocked those cards”, he emphasised. “What we have done is we have of course taken precautions. We have blocked the cards that we knew were exposed,” he went on to add. He also revealed that a month earlier, Emirates Bank customers were targeted in a phishing attack in which customers were sent fraudulent e-mails claiming to have come from the bank and asking for personal information. “We had some unsuccessful phishing (attacks) where they ask customers for sensitive information to key in,” he said. “It’s in a screen that looks like Emirates Bank or looks like Dubai Islamic Bank, or it looks like MashreqBank, and it says we are just cleaning our data, or to serve you better, or whatever excuse they bring and say ‘please enter your user ID and password’,” he added. “[We detected it] because our security guys can see it and then some of the customers were calling our call centres saying we received this information. Immediately we sent an e-mail to the customers,” Quassem went on to say.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code